The U.K. arm of Ticketmaster detected a major security breach on June 23, 2018 when it identified malicious software on a third-party customer support product hosted by Inbenta Technologies. The product was immediately disabled across all Ticketmaster websites.
The breach was first spotted by digital bank Monzo several months earlier. Monzo has said it notified the Live Nation-owned company about a significant security issue on April 12, although Ticketmaster did not publicly announce it until June 27, more than two months later.
At the time, Ticketmaster said less than 5 percent of its global customer base had been potentially impacted, limited mostly to the U.K. and not affecting users in North America. It acknowledged that some of its customers’ personal or payment information may have been stolen by an unknown third party.
Neither Ticketmaster nor Live Nation have ever stated how many customers’ data was accessed, although the number is understood to be around 40,000 U.K. customers who purchased tickets between February and June 23 of last year from Ticketmaster’s main U.K. platform, or sister sites TicketWeb and Get Me In!
Information potentially stolen included customers’ name, address, email address, telephone number, payment details and login details. All affected customers have been contacted.
In a statement, Hayes Connor managing director Kingsley Hayes said the law firm had launched its legal action “following unsuccessful negotiations with Ticketmaster which maintains that it is not liable for the data breach and the subsequent damages suffered by its customers.”
The law firm claims that more than two-thirds of its clients suffered “multiple fraudulent transactions” as a result of the data breach. It said the impact on those affected had been “significant stress and heightened anxiety” and that some had to take time off work as a result. The “effect on victims is significant and ongoing,” it added.
“Stolen personal information, particularly in instances where a significant number of individuals are involved, is often used in batches so some victims may yet to experience any fraudulent activity, however, may still be at risk,” warned Hayes.
Ticketmaster declined to comment. Investigations into the security breach by the Information Commissioner’s Office (ICO) and National Crime Agency (NCA) -- working alongside specialist officers from the National Cyber Crime Unit (NCCU) -- are ongoing.