Ticketmaster has admitted that 40,000 of its customers’ credit card details and personal information has been leaked in a data breach.
According to the ticket sales website, it was hit by malicious software on Saturday via one of its third-party suppliers.
Anyone who has attempted to buy tickets off the website between February and June this year could be affected by the breach.
The firm has offered a year free identity monitoring service to those whose details were stolen.
‘An exhausting process’
Peter Carlisle, VP EMEA, Thales eSecurity, commented: “Can it be that we are seeing another major UK company admitting a breach, so soon after Dixons Carphone? As sophisticated and well-funded threat actors adapt quickly to new security measures, trying to protect customer data has become an exhausting process.
“But, the best defence in cybersecurity is a proactive one. It’s simply not acceptable that any organisation, especially one of this size, was not protecting all of its data so that it was secured against any kind of attack, even one via third-party software.”
Ticketmaster is working with relevant authorities, credit card companies, banks, and has its own forensics teams and experts analysing the breach.
‘Risk of weighty financial penalties’
“To protect customers and their valuable personal data, businesses must have complete visibility and control over exactly where their data resides, and adopt an encrypt-everything approach. Cybercriminals are getting smarter, better and faster and this is just another name on the long list of high profile victims,” he added.
“With the GDPR in full force, it’s no longer just a lack of customer trust and a tarnished reputation organisations need to be worried about. The risk of weighty financial penalties means the perils of a data breach just got a lot more serious!”
While the breach mainly affected UK customers, the company said oversea customers, other than those in North America, should also change their passwords.
Written by Leah Alger