, ,

Ticketmaster Data Breach Worse Than Thought

ticketmaster data breach claim

Ticketmaster revealed a significant breach of user payment details after cybercriminals hacked the company’s website in 2018. The data breach affected Ticketmaster, TicketWeb and the resale website Get Me In!

But what happened in the Ticketmaster data breach and where are we now?

Ticketmaster admitted that a data breach took place due to third-party software on its website. This was subsequently removed, but not before the software accessed thousands of its customers’ personal and financial details.

HOW did Ticketmaster make matters Worse?

Appallingly, it was later reported that Ticketmaster knew about the data breach two months before it revealed its payment pages had been hacked, AND that some customers of the ticket sales company had their cards used fraudulently.

To make matters worse, while Ticketmaster declined to say how many of its customers were affected – and referred all press inquiries to its PR agency – estimates predicted that 40,000 people in the UK had their payment details swiped.



The Ticketmaster data protection breach compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.

Digital bank Monzo believes that some Ticketmaster customers had their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among others).

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Ticketmaster data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.


Yes. And crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.



At Hayes Connor Solicitors, we’re helping victims of the Ticketmaster data breach to claim compensation after their data was put at risk.

But, some nine months after the breach, what are the real-life effects of the Ticketmaster data hack?

  • 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards
  • 31% of all clients involved in this case suffered from distress and/or psychological trauma.



While Ticketmaster was the victim of a cyber-attack, it was responsible for protecting your personal information. So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

According to Monzo, it warned Ticketmaster that it might be at risk as early as April 2018, but an internal investigation by the company failed to reveal any security issues.

Commenting on this case, Natasha Vernier, Head of Financial Crime at Monzo said:

 “On Friday 6th April, around 50 customers got in touch with us to report fraudulent transactions on their accounts and we immediately replaced their cards.

“After investigating, our Financial Crime and Security team noticed a pattern: 70% of the customers affected had used their cards with the same online merchant between December of last year and April this year. That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.”

As the matter intensified, between 19-20 April last year, Monzo sent out six thousand replacement cards to customers who had used Ticketmaster. However, on 19 April, Ticketmaster claimed that there was no evidence of a breach. It also said that no other banks were reporting similar security patterns.



Now trying to defend its behaviour, Ticketmaster is blaming a third-party supplier for the security breach. And, it has been confirmed that the hack occurred due to a single piece of JavaScript code customised by a third-party to meet Ticketmaster’s requirements. Identifying a weakness in this code, attackers used this vulnerability to extract customer information as they were paying for tickets.

However, it is likely that Ticketmaster was still negligent in safeguarding your data due to insufficient security systems. Just because they were a victim of a crime does not mean they are any less liable.

Worryingly, a senior software developer at a leading UK cybersecurity company has added:

“If the malicious actor had access to this ‘backend’ what else have they done and what dormant malicious code could still be residing ready to activate?”

 With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.


UK customers who purchased, or attempted to buy, tickets between February and June 23 2018 may be at risk, as well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23 2018.

Ticketmaster has said that it has informed those involved. But, while it has offered customers free security software, it has not provided data breach compensation.

If you have been emailed by Ticketmaster and told that your details are at risk, make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data breach compensation claim.


With an ICO investigation now underway into the Ticketmaster data breach, whoever is to blame for this appalling data protection failure will no doubt have to pay a hefty fine. But the ICO does not award data breach compensation.

Over the last few months we’ve talked to hundreds of people who have been affected by this shocking privacy breach, and our compensation claim on behalf of 650 claimants is now in progress. But the clock is ticking and we soon may not be able to take on any more claimants.

We believe that we are the only UK legal firm currently launching a multi-party action against Ticketmaster. So, if you want to secure compensation for the impact the data breach has had on you, don’t leave it too late.

Why join our multi-party action?

Multi party actions give our clients more power against big businesses. This is because a group of people who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Ticketmaster) join together to claim for compensation. In short, it gives us strength in numbers.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation. Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.



0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply