40,000 Ticketmaster customers hacked
Criminals had access to all their bank details since February – but victims weren’t told of breach
THOUSANDS of customers of Britain’s largest online ticket seller have had their bank details hacked, it emerged last night.
Fraudsters may have had access to information from 40,000 Ticketmaster users from February this year.
But unlike previous hacks, all of their information may have been taken, including the three-digit CVC security number written on the back of debit cards. That number is needed to complete an online transaction.
Any information inputted into the website may have been taken, Ticketmaster has admitted.
Some customers have already seen suspicious activity on their bank accounts, with fraudsters spending money on services such as Uber and Netflix.
Digital bank Monzo noticed customers cards had been compromised in April and told Ticketmaster that month. The company’s head of financial crime, Natasha Vernier said it ‘couldn’t get any traction’ from Ticketmaster, when it approached the company with concerns.
In the meantime, Monzo contacted all customers who had ever dealt with Ticketmaster, about 5,000 in all, telling them to replace their cards.
The Information Commissioner’s Office (ICO) is investigating the breach and Ticketmaster could be hit by fines running into millions. In the wake of the breach, the watchdog said: ‘Organisations have a legal duty to ensure that people’s personal information is held securely’. Ticketmaster sells tickets to many of the UK’s high profile live music events and theatre shows.
Many victims took to social media to criticise the company for its failure to tell customers quickly. A customer called Becky posted: ‘They’re handling it awfully. A simple email and then an automated message whenever you try to contact them. Very poor when they are someone you have given all of your bank details to. A less generic response would be helpful and decent when someone trusts you with their bank details and that is then jeopardised.’ Another tweeted: ‘They don’t care’.
Ticketmaster became aware of the breach on Saturday after detecting suspicious software on a customer support system hosted by a third party supplier called Inbenta Technologies.
Despite the company finding out on Saturday, customers were only sent emails notifying them of what
had happened yesterday. Guidelines issued by the ICO state: ‘If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.’ Last night, a solicitor warned that those hit could be entitled to compensation. Sean Humber, a data protection lawyer at firm Leigh Day said: ‘The company must now be clear exactly what has been accessed, as any data breach involving an individual’s financial information is especially serious. If it transpires the data was hacked as a result of inadequate security systems employed by Ticketmaster then those affected are likely to be entitled to compensation for the distress and inconvenience caused as well as losses suffered.’
A spokesman for Ticketmaster said: ‘We have contacted all potentially impacted UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018.’
Customers affected have been given a 12-month identity monitoring service free of charge which will track whether their data has been misused.
The latest hack comes just a day after Culture Secretary Matt Hancock warned that cyber attackers are more and more determined.
At the opening of the new £13.5million London Office for Rapid Cyber security Advancement, on Tuesday he said: ‘The people who are trying to attack us in cyber space are strengthening their techniques every single day.’