The Ticketmaster breach – what happened and what to do

Live Nation Entertainment subsidiary Ticketmaster has admitted it has suffered a serious data breach affecting 40,000 of its British and international customers.

Anyone who used the Ticketmaster UK, GETMEIN! and TicketWeb sites to book tickets from February 2018 and 23 June 2018 may have had data compromised, including their name, e-mail address, physical address, telephone number, Ticketmaster logins, and payment card details.

In addition, so-called international customers who bought, or tried to buy, tickets between September 2017 and 23 June 2018 could also be affected.

The issue was caused by malware, spotted on 23 June 2018, that had infected a customer support system managed by Ticketmaster partner Inbenta Technologies.

What’s happened to the stolen data?

It seems pretty certain that payment card data was not only stolen but is also already being abused.

What to do?

If you’re one of the 40,000 account holders that Ticketmaster says was affected by the compromise, you should have received an e-mail telling you to change your account password.  This process should happen automatically the next time you try to log in.

If you haven’t been contacted, it’s still a good opportunity to ask yourself whether your Ticketmaster password is sufficiently strong. Change it if there’s any doubt. (This can be done by visiting the Ticketmaster “Forgotten Password” link.)

Keep an eye on your bank and payment card statements. Ticketmaster said it will offer affected customers a free 12-month identity monitoring service with a leading provider, but whether you take that offer up or not, you need to be on the lookout for unauthorised activity on your accounts.

Replace your payment cards as soon as you can if you’re on the list of Ticketmaster customers known to have been affected.  In theory, the criminals should not have the 3-digit CVV code from the back of your card, and in Europe they should not be able to clone your card, thanks to Chip'n'PIN, but you should get a new card (which invalidates the old one immediately) anyway.

Remember that it’s not just card payments that are at risk – the stolen data includes names and addresses, which puts you at risk of identity theft.

Keep a special eye and ear out for fraudulent e-mails, instant messages and phone calls that claim to be connected to this incident. If someone contacts you about the breach, never call or message them back based on contact information they gave to you – always find an independent source for the relevant phone number or e-mail address, such as a printed receipt.