Ticketmaster warns Canadians of data breach involving customer information

Article content

Ticketmaster Entertainment, LLC has informed Canadians of a “data security incident” involving customers who purchased tickets to events in North America.

It said the breach may have involved personal information including names, contact information and payment card information such as encrypted credit or debit card numbers and expiration dates.

“We are fully committed to protecting your information, and deeply regret that this incident occurred,” the notice said.

Article content

The ticket sales company, under parent Live Nation Entertainment, said the breach occurred between April 2 and May 18 and involved unauthorized activity by a third party.

The third party obtained information from a cloud database hosted by another third-party data services provider, it said.

Ticketmaster has not named which organization was involved in the hacking, but U.S. media outlets report that the black-hat criminal hacker group ShinyHunters may have stolen the data.

Wired reported last month that a ShinyHunters hacker said they gained access to Ticketmaster’s Snowflake cloud account — and others — by first breaching a third-party contractor.

Tickemaster said it has not seen any additional unauthorized activity in the cloud database since it began its investigation in mid-May.

In a filing made to the Attorney General of Maine, Ticketmaster said the total number of persons affected is over 1,000.

The company started notifying U.S. customers of the breach in late June but didn’t inform Canadian customers until July 8.

“We have been diligently investigating this incident with the assistance of outside experts,” it said in the email notice to Canadians. “We have also contacted and are cooperating with U.S. federal law enforcement authorities, and this notice has not been delayed due to law enforcement investigation.”

Article content

It added that it has taken measures to enhance the security of its systems and customer data. These include rotating passwords for all accounts associated with the affected cloud database, reviewing access permissions and increased alerting mechanisms.

It advises Canadian customers to monitor their accounts, bank and credit card statements and free credit reports for signs of suspicious activity. The company is also offering free 12-month identity monitoring with TransUnion of Canada Inc., which will look out for personal data on the dark web.

Ticketmaster accounts were not affected by the breach, it said, adding that users aren’t required to reset their password.

“Customers can continue to conduct business with Ticketmaster as normal and without issue,” it said.

Recommended from Editorial

In May, the U.S. Justice Department, along with 30 State and district attorneys general, filed a civil antitrust lawsuit against Ticketmaster and its parent company for “monopolization and other unlawful conduct that thwarts competition in markets across the live entertainment industry.”

• Email: [email protected]

Bookmark our website and support our journalism: Don’t miss the business news you need to know — add financialpost.com to your bookmarks and sign up for our newsletters here.

Share this article in your social network