, ,

Ticketmaster data breach could be tip of the iceberg

ticketmaster data breach claim

Ticketmaster was affected by a significant data protection breach after cybercriminals hacked the company’s website. However, it now looks like the number of people impacted by the theft is significantly worse than first thought.

What has happened so far?

A hacker group has accessed thousands of Ticketmaster customers’ payment details. Some customers of the ticket sales company have had their cards used fraudulently.

Investigating the Ticketmaster data breach, cybersecurity analysts RiskIQ have now identified the hacker group responsible for the malicious code placed on the Ticketmaster websites.

However, RiskIQ not only states that Magecart – a malicious hacking group – perpetrated the Ticketmaster attack, but that was also undertaking a massive credit card skimming operation that has affected over 800 e-commerce websites.

Worse, it appears that this hacking operation has been active since December 2016.

What is the extent of the problem?

It now looks likely that the Ticketmaster data theft was part of a larger credit card scheme. In fact, we could be looking at the biggest theft of credit card details to date.

According to RiskIQ, the hackers behind the attack “seem to have gotten smarter,”. And “rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer {code}. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.”

Put simply, Magecart could have stolen the credit card information of thousands of people across various websites, by merely targeting only a few companies. Some of the third-party companies allegedly compromised by Magecart include SocialPlus, PushAssist, Clarity Connect and Annex Cloud.

Ticketmaster uses SocialPlus. So, while Inbenta (a third-party software provider) has been established as the entry point for the malicious attack on its systems, at least one other source containing the skimmer had access to the Ticketmaster websites.

So, there could be a lot more to the recent Ticketmaster data breach than first thought.

What does this mean?

Because many shops use these third-parties, RiskIQ claims to have “identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.” It’s not yet clear which e-commerce sites have been affected.

Cyberthreat expert Ross Brewer has said that: “Third party data breaches are a growing problem for businesses. Hackers are persistent. They’re redirecting their attention to smaller, third-party suppliers that can act as a gateway to more lucrative targets. As the saying goes, you’re only as strong as your weakest link, which means if one of your third-party partners doesn’t have the same commitment to data protection, any tools you have in place are essentially rendered useless.”

What now?

There is more to this story than victims were initially told. And, while early estimates predict that 40,000 people in the UK have had their payment details swiped. It now looks likely that this number is much, much higher.

However, regardless of who was behind the attack, Ticketmaster was responsible for keeping your data safe, and this is something it has failed to do.

The Ticketmaster data protection breach has compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. Data that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. Ticketmaster has said that it has informed those involved, so if you have received this email let us know!

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.


1 reply

Trackbacks & Pingbacks

  1. […] Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit …. […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply