An email alerts customers to a ‘data security incident’ that might have exposed personal information.
leaked credit cards
Ticketmaster is notifying customers about a “data security incident” that may have leaked their personal information.
The ticket-selling company informed customers via email on Monday that it recently discovered an unauthorized third party had accessed information from a cloud database hosted by a third-party company between April 2 and May 18.
According to the email, the compromised information may include names, basic contact details, and payment card information such as encrypted credit or debit card numbers and expiration dates.
Ticketmaster stated it is investigating the incident and cooperating with U.S. federal law enforcement authorities. “We are fully committed to protecting your information, and deeply regret that this incident occurred,” the email read.
The email also revealed that Ticketmaster determined personal information might have been affected on May 23, just three days after another major data breach. That breach involved unauthorized activity in a third-party cloud database primarily containing Ticketmaster data, as reported in a filing by the company’s owner,
Live Nation, with the U.S. Securities and Exchange Commission.
credit card number leaked
A hacking group known as Shiny Hunters has claimed responsibility for stealing user data from over 500 million Ticketmaster customers and is demanding a ransom of $500,000 USD ($680,000 CAD), according to media reports.
The connection between this incident and the recent data breach discovered by Ticketmaster remains unclear.
Evan Light, an associate professor of communications at York University and an expert in privacy and surveillance technology, expressed surprise that people’s credit card numbers were released. “If people get emails from Ticketmaster saying that they’re among these accounts, I’d say cancel your credit card right away,” Light advised.
He also recommended using the website Have I Been Pwned to check if your email address is included in compromised data sets. Additionally, Light suggested enabling two- or multi-factor authentication on credit cards and avoiding storing credit card information with companies for convenience.
Light noted that most large companies outsource the handling of customers’ personal information, and policing these third parties can be challenging for a company as large as Live Nation, Ticketmaster’s parent company. “The fact that they’re such a giant monopoly means that there’s nobody to keep them in check,” he said.