Ticketmaster ‘failed to protect customers after hacking tip-off ’
FRAUDSTERS stole thousands of pounds from Ticketmaster customers after the company failed to act on a warning it had been hacked, it was claimed yesterday.
Hackers were allowed to retain access to the event ticket vendor’s systems for months undisturbed after it failed to react to a tip- off in April from Monzo, a British digital- only bank which had noticed ‘suspicious activity’ on its customers’ accounts.
Ticketmaster admitted on Wednesday that the card details and personal data of 40,000 British users had been taken as part of a cyber attack on its systems.
The company claimed it had not identified the breach until June 23 and had then taken ‘swift action’, informing authorities rapidly.
However, Tom Blomfield, founder of Monzo, said: ‘ Our financial crime team had meetings with them and had a long train of email correspondence with them – where we presented them with more and more data.
‘No one is going to be perfect. That is not what we are saying here. Everyone is going to have issues. It is just how you respond when you find out there might be an issue, [that] I think is the marker [ of a company] that wants to keep their customers safe versus others.’
Some of Monzo’s 750,000 customers saw their accounts drained entirely and others noticed suspicious transactions running into thousands. In one instance, £3,500 was taken from a single account.
Ticketmaster told Monzo it would ‘investigate internally’, but quickly found no evidence of a breach. It also did not involve any security bodies. Under the General Data Protection Regulation laws, which came into force last month, companies must admit to data breaches with 72 hours of discovering them.
Companies that have fallen prey to data breaches can also face fines of up to £ 17million handed out by the Information Commissioner’s Office.
Many were outraged by the revelations. Twitter user John M wrote: ‘So @monzo informed @TicketmasterCS of their data breach in April 2018. No action taken. My data was compromised in June 2018. Absolutely fuming with @ TicketmasterCS. How dare you.’
A spokesman for the Information Commissioner’s Office, which is probing the hack, said: ‘Organisations have a legal duty to ensure that people’s personal information is held securely.’
The National Cyber Security Centre, an arm of GCHQ, said: ‘The National Crime Agency is leading the investigation and broader law enforcement response to the cyber incident affecting Ticketmaster.’
A spokesman for Ticketmaster said: ‘When a bank or credit card provider alerts us to suspicious activity it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf.
‘In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster.’