Ticketmaster Finally Confirms Massive Data Breach to Customers — Weeks After the Hack Occurred

Ticketmaster exec pleaded guilty to hacking competitor
  • Save

Ticketmaster exec pleaded guilty to hacking competitor
  • Save
Photo Credit: Ashley King

Weeks after admitting it experienced a data breach, Ticketmaster is now getting around to informing its customers. Unfortunately, we’re left with more questions than answers.

Ticket buyers were greeted to an email with the subject, “Data incident related to transactions in North America” from Ticketmaster. “We wanted to inform you that Ticketmaster recently discovered unauthorized activity in a third-party cloud database that contained limited personal information of some customers who bought tickets to events in North America (U.S., Canada, Mexico).”

“The database held details such as email, phone number, as well as other personal information you provided to us including payment card information such as encrypted credit or debit card numbers and expiration dates. Your Ticketmaster account remains secure.”

Digital Music News reported on the Ticketmaster hack on June 18, which occurred after a single Belarusian contractor for Snowflake was compromised. Snowflake is a cloud data storage firm used by many companies, with 165 customers impacted alongside Ticketmaster. Other victims of the data breach include Santander, Lending Tree, and Advance Auto Parts. The hacking group ShinyHunters claim to have lifted a 1.3TB database from Ticketmaster.

Ticketmaster says it is working with industry-leading cybersecurity experts, the relevant authorities, companies, and banks. The ticketing service is offering those impacted 12 months of credit monitoring service from TransUnion to spot potential fraud caused by the data leak—but only if you enroll 90 days after receiving the notice. It took Ticketmaster more than two months since reports of the breach to inform customers they were impacted.

Both Live Nation and Ticketmaster are facing a lawsuit over the data breach filed by California residents Cynthia Ryan and Rosalia Garcia. That lawsuit alleges that Live Nation and Ticketmaster failed to properly secure their personal information including full names, addresses, email addresses, phone numbers, ticket sales, and event details—including partial payment details. The information was then made available for sale on the dark web for $500,000.

“Compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details,” the lawsuit alleges. A Live Nation regulatory riling released in May reveals the company faced a “criminal threat actor” who tried to sell Ticketmaster data on the dark web. Live Nation says it is currently investigating the breach.