Skip to content

Ticketmaster says data security incident may affect users' personal information

Ticketmaster has been warning some Canadian customers that their data may have been compromised during a recent security breach.
18607d94-218a-4cdc-89bb-3ee4aef99963
In this photo taken Monday, May 11, 2009, Ticketmaster tickets for a concert are shown at a box office in San Jose, Calif. (AP Photo/Paul Sakuma)

Ticketmaster has been warning some Canadian customers that their data may have been compromised during a recent security breach.

An email sent by the ticket sales platform to customers this week reveals "an unauthorized third party" snagged information from a cloud database hosted by an unnamed third-party data services provider sometime between April 2 and May 18.

The email said the company determined on May 23 that some of its customers' names, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates were part of the breach.

"We are fully committed to protecting your information, and deeply regret that this incident occurred," the email said.

The missive comes months after Live Nation, Ticketmaster's Beverly Hills, Calif.-based parent company, said in regulatory filings that on May 27 “a criminal threat actor’’ offered to sell Ticketmaster data on the dark web.

Several media outlets reported at the time that ShinyHunters, a cyberattack group thought to have formed in 2020, was behind the attack that allegedly scooped up data belonging to 560 million Ticketmaster users. (ShinyHunters has been linked to past attacks on tech giant Microsoft, telecom firm AT&T Wireless and storytelling site Wattpad.)

Ticketmaster spokespeople did not answer questions The Canadian Press sent them about the number of Canadians affected by the recent breach and instead provided a link to a web page the company has set up to address user queries about the incident.

The page said the company is working with authorities and cybersecurity experts, credit-card companies and banks to investigate the incident but has found no further unauthorized activity.

"It's surprising to me that we continue to have these types of problems given the fact that there's been so much attention paid, especially in the media, to issues around cybersecurity," said Robert Falzon, head of engineering at safety software business Check Point.

Statistics Canada data shows the country experienced 74,073 police-reported cybercrimes in 2022, up from 71,727 in 2021 and 33,893 in 2018. The actual number of cybercrimes may be even higher because many people are too embarrassed to report when they have fallen victim.

Indigo Books & Music Inc., Giant Tiger and London Drugs have all been among the organizations who faced cyber breaches in recent years.

In the case of Ticketmaster, Falzon pointed out that the vulnerability lay with a third-party data services firm, but the ticket sales business still has obligations.

"It remains their responsibility to manage their supply chain or manage their partners to make sure that they too are following the same standards to protect their user data," Falzon said.

"And yet it seems like we continue to have challenges or risk or issues like this on an almost weekly basis."

The data hackers may have obtained can be particularly valuable, especially when combined with other data leaks or tidbits they glean from online profiles, he said.

For example, a bad actor could use the data to uncover your Facebook profile and if you've posted about a disease you're battling, it could then tailor further attacks on you to include information about the condition or potential cures.

If you received the email from Ticketmaster, Falzon recommended changing your password immediately and ensuring you're not using it elsewhere.

"Especially if they're one of those people that are using the same password repeatedly, it's a great opportunity to go in and look at all the services that you used," he said.

He also suggested people set up multi-factor authentication, which requires people to enter a code that is texted or emailed to them to log into accounts. Multi-factor authentication can often be a deterrent for cyber attackers because it requires them to access more than one account or device.

Ticketmaster offered those affected by the breach one free year of credit-monitoring services and also recommended users monitor their bank activity and emails to ensure there's no suspicious activity.

"Be cautious of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information over the phone," the company warned.

— With files from The Associated Press

This report by The Canadian Press was first published July 9, 2024.

Tara Deschamps, The Canadian Press