As if paying through the nose for concert tickets is not bad enough, now 40,000 Ticketmaster customers are facing the prospect of having their personal data exploited after the company admitted that it has suffered a security breach.
The firm blamed malicious software on a third-party customer support product from Inbenta Technologies and fessed up that “some personal or payment data may have been accessed by an unknown third party”.
In an email to those customers who have been affected by the issue, Ticketmaster said it had set up a website to answer any questions and advised them to reset their passwords. It also offered them a free 12-month identity monitoring service.
Ticketmaster claimed the breach is likely to have only affected UK customers who purchased or attempted to purchase tickets between February 1 and June 23 2018 but, as a precaution, it has also informed international customers who purchased or attempted to purchase tickets between September 1 2017 and June 23 2018.
Data that may have been compromised includes names, addresses, email addresses, telephone numbers, payment details and Ticketmaster log-in details.
The firm insisted that “forensic teams and security experts are working around the clock” to understand how data was compromised.
Bizarrely, given its admission that it does not know how the breach occurred, Ticketmaster said it was confident it had complied with GDPR by acting quickly and informing all relevant authorities, including the Information Commissioner’s Office. However, if it is found to have had inadequate data security measures in place – even if a third-party was to blame – it could be for the high jump.
Related stories
Dixons Carphone pummelled as hackers strike again
Carphone Warehouse rocked by £400,000 ICO data fine
Scammers access Virgin Media data for phishing attack
TalkTalk fined £100,000 over India call centre failings
25 million UK adults in the dark over theft of their data
Stephen Fry on alert as toffs’ data is stolen from club
Uber faces long arm of the law over 64m data breach