Tuesday 16 October 2018

Ticketmaster customers' card details may have been hacked

Fans who bought tickets for the Rolling Stones concert at Croke Park last month are among those who could be hit by the data breach. Picture: Steve Humphreys
Fans who bought tickets for the Rolling Stones concert at Croke Park last month are among those who could be hit by the data breach. Picture: Steve Humphreys

Ryan Nugent

Ticketmaster has warned Irish customers their personal payment details may have been breached by a third party.

In an email issued to tens of thousands of Irish customers last night, the ticket supplier said the breach could affect those who purchased tickets between September 2017 and June 23, 2018.

Ticketmaster say this is "out of an abundance of caution".

The ticket website has advised customers to monitor their account statements for any evidence of fraud or identity theft.

It is understood the ticketing giant has no evidence that any Irish customers are directly affected by the breach and, as it stands, it is only customers in the UK that have been directly affected.

However, it has contacted all customers who have purchased or attempted to purchase from the Ticketmaster Ireland site between September and June.

It said that as soon as they discovered the malicious software - identified on an external customer support product - it was disabled across all of its websites.

"If you have not received an email, we do not believe you have been affected by this security incident based on our investigations," it said on a website set up to deal with the breach.

"Whilst we have no evidence to suggest your data has been compromised, we are notifying you out of an abundance of caution.

Suspicious

"If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies," the email added.

"On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.

"As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.

"As a result of Inbenta's product running on Ticketmaster websites, some of our customers' personal or payment information may have been accessed by an unknown third party," the company said.

Ticketmaster said the potential breach affects fewer than 5pc of its global customers, though customers in North America are not affected.

The company said customers should reset their password next time they log into their accounts as a precautionary measure.

However it said the website is safe to use after the third party product was disabled.

"Ticketmaster has established this website to answer your questions about the Inbenta incident," it said in a statement.

"As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts.

"We are offering impacted customers a free 12 month identity monitoring service with a leading provider."

Compromised

It said it has forensic teams and security experts working on understanding how the data was compromised.

It said it is working with relevant authorities along with credit card companies and banks.

Ticketmaster is the official distributor for almost all of the major concerts hosted in Ireland, with tickets for big gigs such as the Rolling Stones, Taylor Swift, the Killers and the Arctic Monkeys all being sold in the period of time in which it said there could have been a potential data breach.

Irish Independent

Editor's Choice

Also in Irish News