- Ticketmaster said it spotted "malicious software" on a third-party customer support product.
- Less than 5% of its global customer base were impacted in the breach while customers in North America were untouched, the firm said.
Popular ticketing service Ticketmaster has admitted it suffered a data breach impacting nearly 5% of its entire global customer base. The company said personal information and credit card data of tens of thousands of users in the UK, Australia and other countries may have been compromised in the attack.
Ticketmaster UK said it "identified malicious software on a customer support product hosted by Inbenta Technologies" - one of its third-party tech suppliers. The company said it disabled the affected product as soon as it spotted the issue on Saturday, June 23. The Inbenta product was running on several of the company's websites including Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb websites.
Less than 5% of its global customers were affected in the breach while its customers in North American were untouched, the firm said.
"As a result of Inbenta's product running on Ticketmaster International websites, some of our customers' personal or payment information may have been accessed by an unknown third-party," the firm said in a statement on a dedicated website set up after the breach. "Forensic teams and security experts are working around the clock to understand how the data was compromised."
Scores of customers affected
Customer information that may have been compromised in the breach include names, addresses, email addresses, telephone numbers, payment details and Ticketmaster login details.
UK customers were purchased or attempted to purchase tickets between February and June 23, 2018, may have been affected by the breach. International customers who made transactions during this period have also been notified.
It is still unclear exactly how many customers worldwide were affected by the breach. Less than 40,000 UK customers were reportedly affected by the breach, a source familiar with the matter told Reuters. Ticketmaster claims to serve over 230 million customers across the globe every year.
The company is currently notifying affected customers of the breach. Users have been advised to reset their passwords and monitor their account statements for any suspicious activities and evidence of fraud or identity theft. Impacted customers are also being offered a free 12 month identity monitoring service with a "leading provider."
The breach comes just over a month after Europe's stringent General Data Protection Regulation (GDPR) went into affect that carries hefty fines for companies who fail to comply.
A spokesperson for UK's National Cyber Security Centre (NCSC) said: We are aware of a cyber incident affecting Ticketmaster. The NCSC is working with our partners to better understand the incident."