Data breach affected customers’ credit card information, Ticketmaster reports

Ticketmaster is notifying customers about a “data security incident” that may have leaked their personal information.

 

The ticket-selling company wrote in an email to customers Monday that it recently discovered an “unauthorized third party” obtained information from a cloud database hosted by a third-party company between April 2 and May 18.

 

The information “may have included your name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates,” the email read.

 

The email says Ticketmaster is investigating and co-operating with U.S. federal law enforcement authorities.

“We are fully committed to protecting your information, and deeply regret that this incident occurred,” it said.

 

According to the email, Ticketmaster determined that personal information might have been affected on May 23 — just three days after another major Ticketmaster data breach.

 

That breach was described as “unauthorized activity” in a third-party cloud database that mainly contained Ticketmaster data, according to a filing that month by the company’s owner Live Nation with the U.S. Securities and Exchange Commission.

 

Held for ransom

That came after a hacking group called ShinyHunters claimed it had stolen user data of more than 500 million Ticketmaster customers and demanded a ransom of $500,000 US ($680,000 Cdn), according to media reports.

 

It is not clear whether the two breaches are connected.

 

Evan Light, associate professor of communications at York University and an expert in privacy and surveillance technology, says it’s surprising that people’s credit card numbers were released.

“If people get emails from Ticketmaster saying that they’re among these accounts, I’d say cancel your credit card right away.”

 

Light suggests checking the website Have I Been Pwned, which scours databases in hacker forums, to see if your email address is included in those data sets.

 

He says it’s also a good idea to enable two- or multi-factor authentication on credit cards, and to refrain from storing credit card information with a company you are buying from, even though it seems convenient.

 

Light says most large companies outsource customers’ personal information, and “you can only police people who you contract out so rigorously,” which can become a problem for a company of Live Nation’s size.

 

“The fact that they’re such a giant monopoly means that there’s nobody to keep them in check,” he said.

 

 

 

 

This article was first reported by CBC News