, ,

Ticketmaster Data Breach Worse Than Thought

ticketmaster data breach claim

Last week, Ticketmaster revealed a significant breach of user payment details after cybercriminals hacked the company’s website. The data breach affects Ticketmaster, TicketWeb and the resale website Get Me In!

Appallingly, it has since been reported that Ticketmaster knew about the data breach two months before it revealed its payment pages had been hacked, AND that some customers of the ticket sales company have had their cards used fraudulently.

To make matters worse, while Ticketmaster has declined to say how many of its customers have been affected – and is referring all press inquiries to its PR agency – early estimates predict that 40,000 people in the UK have had their payment details swiped. However, the number could be even higher.


The Ticketmaster data protection breach has compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. Digital bank Monzo believes that some Ticketmaster customers have had their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among other items).

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Ticketmaster data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.


While Ticketmaster was the victim of a cyber-attack, it was responsible for protecting your personal information. So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

According to Monzo, it warned Ticketmaster that it might be at risk as early as April, but an internal investigation failed to reveal any security issues.

Commenting on this case, Natasha Vernier, Head of Financial Crime at Monzo said:

 “On Friday 6th April, around 50 customers got in touch with us to report fraudulent transactions on their accounts and we immediately replaced their cards.

“After investigating, our Financial Crime and Security team noticed a pattern: 70% of the customers affected had used their cards with the same online merchant between December of last year and April this year. That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.”

As the matter intensified, between 19-20 April, Monzo sent out six thousand replacement cards to customers who had used Ticketmaster. However, on 19 April, Ticketmaster claimed that there was no evidence of a breach. It also said that no other banks were reporting similar security patterns.


Now having to defend this behaviour, Ticketmaster is blaming third-party supplier Inbenta for the security breach. And, it has been confirmed that the hack occurred due to a single piece of JavaScript code customised by Inbenta to meet Ticketmaster’s requirements. Identifying a weakness in this code, attackers used this vulnerability to extract customer information as they were paying for tickets.

However, the Inbenta CEO has said that:

 “Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability.”

Either way, it is likely that Ticketmaster or Inbenta was negligent in safeguarding your data due to insufficient security systems. Just because they were a victim of a crime does not mean they are any less liable.

Worryingly, a senior software developer at a leading UK cybersecurity company has added:

“If the malicious actor had access to this ‘backend’ what else have they done and what dormant malicious code could still be residing ready to activate?”

 With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.


UK customers who purchased, or attempted to buy, tickets between February and June 23 this year may be at risk, as well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23.

Ticketmaster has said that it has informed those involved. But, while it has offered customers free security software, it has not provided data breach compensation.

If you have been emailed by Ticketmaster and told that your details are at risk, make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data breach compensation claim.


With an ICO investigation now underway into the Ticketmaster data breach, whoever is to blame for this appalling data protection failure will no doubt have to pay a hefty fine. And, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

We have already been contacted by a high number of Ticketmaster customers who are worried that their personal data was not looked after as carefully as it should have been.

In response, at Hayes Connor, we are preparing to launch compensation claims for everyone who has had their data accessed in the Ticketmaster data breach. Depending on the numbers involved we may even start a group action against Ticketmaster.

To start your compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply