Ticketmaster says customers' credit card information affected by data breach - Action News
Home WebMail Friday, November 22, 2024, 10:07 AM | Calgary | -10.8°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
News

Ticketmaster says customers' credit card information affected by data breach

Ticketmaster is notifying customers about a data security incident that may have leaked their personal information.

Email warns customers of a 'data security incident' that may have leaked personal information

A ticket that says ticketmaster.
Ticketmaster is warning customers of a 'data security incident' that may have leaked their personal information. (Dan McGarvey/CBC )

Ticketmaster is notifying customers about a "data security incident" that may have leaked their personal information.

The ticket-selling company wrote in an email to customers Monday that it recently discovered an "unauthorized third party" obtained information from a cloud database hosted by a third-party companybetween April 2 and May 18.

The information "may have included your name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates," the email read.

The email says Ticketmaster is investigating and co-operating with U.S. federal law enforcement authorities.

"We are fully committed to protecting your information, and deeply regret that this incident occurred," it said.

According to the email, Ticketmaster determined on May 23 that personal information might have been affected.

The notice was connected to a previously reportedbreach, a Ticketmaster spokesperson told CBCon Tuesday, whenthe company'sowner Live Nationsaid in a May 31filing with the U.S. Securities and Exchange Commission thatit found"unauthorized activity" in a third-party cloud database that mainly contained Ticketmaster data.

Logos for Live Nation Entertainment and Ticketmaster.
Ticketmaster's owner Live Nation recently reported a similar data breach to U.S. authorities. (Dado Ruvic/Illustration/Reuters)

Held for ransom

News of the breachcame after a hacking group called ShinyHuntersclaimedit had stolen user data of more than 500 million Ticketmaster customers and demanded a ransom of $500,000 US ($680,000 Cdn), according to media reports.

Ticketmaster says it firstidentified the breach on May 20.

Three days later, it identified that personal information may have been affected by the breach,which was the subject of Monday's email.

CBC has asked Ticketmaster why it did not notify customers sooner.

Evan Light, associate professor of communications at York Universityand an expert in privacy and surveillance technology, says it's surprising that people's credit card numbers were released.

"If people get emails from Ticketmaster saying that they're among these accounts, I'd say cancel your credit card right away."

Light suggests checking the website Have I Been Pwned,which scours databases in hacker forums, to see if your email address is included in those data sets.

Hesays it's also a good idea to enable two- or multi-factor authentication on credit cards, and to refrain from storing credit card information with a company you are buying from, even though it seems convenient.

Light says most large companies outsource customers' personal information, and "you can only police people who you contract out so rigorously," which can become a problem for a company of Live Nation'ssize.

"The fact that they're such a giant monopoly means that there's nobody tokeep them in check."

Clarifications

  • Clarification: An earlier version of this story said it was not clear whether Ticketmaster's Monday email to customers was connected to the data breach CBC reported on June 1. Ticketmaster clarified Tuesday that the email was related to the same data breach.
    Jul 09, 2024 5:54 PM ET

With files from Reuters