Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
United Kingdom Privacy Security

Ticketmaster UK Admits Personal Data Stolen In Hack Attack (bbc.com) 17

An anonymous reader quotes a report from BBC: Ticketmaster has admitted that it has suffered a security breach, which the BBC understands has affected up to 40,000 UK customers. Malicious software on third-party customer support product Inbenta Technologies caused the hack, the firm said on Twitter. "Some personal or payment information may have been accessed by an unknown third party," it added. All affected customers have been contacted.

In the email to those customers, Ticketmaster said it had set up a website to answer any questions and advised them to reset their passwords. It also offered them a free 12-month identity monitoring service. It said the breach was likely to have only affected UK customers who purchased or attempted to purchase tickets between February and 23 June 2018. But, as a precaution, it said it had also informed international customers who had purchased or attempted to purchase tickets between September 2017 and 23 June 2018.

This discussion has been archived. No new comments can be posted.

Ticketmaster UK Admits Personal Data Stolen In Hack Attack

Comments Filter:
  • by stereoroid ( 234317 ) on Wednesday June 27, 2018 @03:58PM (#56855980) Homepage Journal

    Note that Ticketmaster UK handles processing for Ireland too, so if you've used ticketmaster.ie in the last 6 months, the advisory applies to you too.

  • I've no axe to grind when it comes to Ticketmaster. Never used their services.

    However, if companies are going to wake up to the importance of protecting the data they collect so voraciously, they need a good incentive to do so. Much as Ticketmaster won't like this, one useful way of approaching this would be that, if it can be shown that they were negligent, then to levy the absolute maximum that the GDPR will allow (4% of global turnover?) as a fine.

    Sadly, the only way that companies will even think
  • Nope, it's still ticketmaster's fault for letting the horses bolt. Likewise BeauHD is still a poser and a wannabe editor.

  • Malicious software on third-party customer support product Inbenta Technologies caused the hack

    The term "third party" suggests Inbenta operates the service and would be somehow liable. But if Ticketmaster operated it on its own, there is no Inbenta liability. The article is not clear about the situation.

  • by Zocalo ( 252965 ) on Thursday June 28, 2018 @07:52AM (#56858864) Homepage
    It appears that Monzo (a UK online bank) noticed this breach [monzo.com] through anomalous transactions on their cards as early as April 6th, notified TicketMaster about the possible issue immediately and started proactively replacing cards that had been used to make purchases through TicketMaster. Representatives from TicketMaster visited Monzo's offices on April 12th to gather further information - a whole week(!) after the initial notification - but then apparently denied finding evidence of a breach to Monzo a further week later, finally coming clean by going public on 27th June, almost 12 weeks after they were first advised of a possible compromise that apparently they didn't resolve until 23rd June, per their own site. Note that Mastercard sent out a general advisory about the account data compromise to all banks on 21st June, which may have forced TicketMaster's hand on the timing of the public disclosure.

    Given TicketMaster dropped the ball on security matters, I'm also left wondering if they dropped the ball on GDPR requirements too. The time period spans the introduction of the GDPR on May 29th so, in theory, TicketMaster should have notified the relevant authorities within three days of confirming they had been breached, or by June 1st, whichever came first. If they failed to do that, or were perhaps even hoping to cover the breach up, then TicketMaster's troubles might only just be getting started.

To stay youthful, stay useful.

Working...