Ticketing and events business Ticketmaster UK has said that up to five percent of its global customer base, outside of the USA, might have had their personal details and payment details compromised as part of an attack on a third party the company used.
Their Twitter account appears to confirm the breach.
In a statement, the company said that Ticketmaster UK “identified malicious software on a customer support product hosted by Ibenta Technologies, an external third-party supplier to Ticketmaster.”
“Less than 5% of our global customer base has been affected by this incident. Customers in North America have not been affected.”
The firm said that because AI service Ibenta had been running on Ticketmaster International websites, “some of our customers’ personal or payment information may have been accessed by an unknown third-party.”
It added that customers who might have been affected by the incident had been contacted, and that UK customers who bought or attempted to buy tickets between February and June 2018 might have been affected.
International customers between September 2017 and 23 June 2018 might have been affected.
The company has contacted the information commissioner. It said that “forensic teams and security experts are working around the clock to understand how the data was compromised”.
“We are working with relevant authorities, as well as credit card companies and banks.”
It did not state precisely how many customers it thought were affected, nor did it state that the incident was isolated, or if it expects more customers had been compromised. It warned customers to change their passwords, and is offering identity management software as compensation to compromised customers.
Ticketmaster UK has issued an official statemen to the media. It reads:
On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
Less than 5% of our global customer base has been affected by this incident.
As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.
As a result of Inbenta’s product running on the Ticketmaster UK website, some of our customers’ personal or payment information may have been accessed by an unknown third-party.
We have contacted all potentially impacted UK customers who purchased, or attempted to purchase, tickets between February and June, 23 2018. Out of an abundance of caution, we have also contacted all potentially impacted international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018. No customers in North America have been affected.
Forensic teams and security experts are working around the clock to understand how the data was compromised.
We are working with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities.
What we are doing for affected customers:
- As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts
- We are offering impacted customers a free 12 month identity monitoring service with a leading provider