Dedicated to the Business of Contemporary Live Music

Ticketmaster could face a multi-million-pound fine over data hack

1 July 2018
Ticket Master

TICKETMASTER (TM), which admits that its systems had been hacked, could face a fine of more than £17.6 million, or four per cent of turnover, under the European Union’s new General Data Protection Regulations (GDPR), which came in to affect on 25 May.

The Live Nation Entertainment-owned company says the breach is a result of  “malicious software” on third-party customer support partner Inbenta Technologies, a California-based “chatbot” provider, which may have compromised the data of around five per cent of its global customers, some 11.5 million people.

Information which may have been compromised includes customers’ names, addresses, email, telephone numbers, payment details and TM login details.

The data breach has not only affected TM’s primary platform, but also its Ticketweb division and customers using its resale site GetMeIn, as Inbenta’s product was running across all three.

The company, which says it identified the problem on 23 June, has called in forensic and security experts to identify how the data had been accessed and was working with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities.

However, digital bank Monzo says it warned TM of its concern about a series of dubious transactions on 12 April and was told the ticketing giant would investigate internally. The bank replaced the cards of 50 customers who had reported fraudulent transactions on 6 April. It then carried out an investigation that found 70 per cent of affected customers had used their cards with TM in the past five months.

UK-based TM customers who purchased, or attempted to purchase, tickets between 23 February and 23 June may be affected as well as international customers who purchased or attempted to purchase tickets between September last year and 23 June.

TM has contacted all potentially affected customers, advising them to reset their passwords and offering them a free 12-month identity monitoring service. Customers in North America are not affected.

In a statement, the company says, “As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.”

A few weeks ago, US company Ticketfly was hacked, with around 27 million customers’ data potentially compromised, including names, addresses, email and phone numbers (see Audience issue 221).

The San Francisco-based company was taken offline after what it described as a “cyber incident” on 31 May.

It took until 6 June for the website to be fully functioning again, forcing some of the company’s promoter and venue clients to cancel or rearrange a number of shows.

Other Stories

Viagogo-StubHub merger blocked by watchdog

4 February 2021
THE COMPETITION and Markets Authority (CMA) has ruled that controversial ticket resale website Viagogo must sell off its StubHub business outside North America, concluding a…
Read more

Glastonbury cancelled for second year

27 January 2021
TICKET-BUYERS who placed a £50 deposit on a ticket to Glastonbury Festival (cap. 147,500) in October 2019 have been offered the chance to roll it…
Read more