Ticketmaster says customers' credit card information affected by data breach
Ticketmaster is notifying customers about a "data security incident" that may have leaked their personal information.
The ticket-selling com‐ pany wrote in an email to customers Monday that it re‐ cently discovered an "unau‐ thorized third party" ob‐ tained information from a cloud database hosted by a third-party company be‐ tween April 2 and May 18.
The information "may have included your name, basic contact information, and payment card informa‐ tion such as encrypted credit or debit card numbers and expiration dates," the email read.
The email says Ticketmas‐ ter is investigating and co-op‐ erating with U.S. federal law enforcement authorities.
"We are fully committed to protecting your informa‐ tion, and deeply regret that this incident occurred," it said.
According to the email, Ticketmaster determined that personal information might have been affected on May 23 - just three days after another major Ticketmaster data breach.
That breach was de‐ scribed as "unauthorized ac‐ tivity" in a third-party cloud database that mainly con‐ tained Ticketmaster data, ac‐ cording to a filing that month by the company's owner Live Nation with the U.S. Securi‐ ties and Exchange Commis‐ sion.
Held for ransom
That came after a hacking group called ShinyHunters claimed it had stolen user da‐ ta of more than 500 million Ticketmaster customers and demanded a ransom of $500,000 US ($680,000 Cdn), according to media reports.
It is not clear whether the two breaches are connected.
Evan Light, associate pro‐ fessor of communications at York University and an expert in privacy and surveillance technology, says it's surpris‐ ing that people's credit card numbers were released.
"If people get emails from Ticketmaster saying that they're among these accoun‐ ts, I'd say cancel your credit card right away."
Light suggests checking the website Have I Been Pwned, which scours data‐ bases in hacker forums, to see if your email address is included in those data sets.
He says it's also a good idea to enable two- or multifactor authentication on credit cards, and to refrain from storing credit card in‐ formation with a company you are buying from, even though it seems convenient.
Light says most large companies outsource cus‐ tomers' personal informa‐ tion, and "you can only police people who you contract out so rigorously," which can be‐ come a problem for a com‐ pany of Live Nation's size.
"The fact that they're such a giant monopoly means that there's nobody to keep them in check," he said.
CBC News has reached out to Ticketmaster for more information.