Ticketmaster has been warning some Canadian customers that their data may have been compromised during a recent security breach.
An email sent by the ticket sales platform to customers this week reveals 91Ƶan unauthorized third party91Ƶ snagged information from a cloud database hosted by an unnamed third-party data services provider sometime between April 2 and May 18.
The email said the company determined on May 23 that some of its customers91Ƶ names, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates were part of the breach.
91ƵWe are fully committed to protecting your information, and deeply regret that this incident occurred,91Ƶ the email said.
The missive comes months after Live Nation, Ticketmaster91Ƶs Beverly Hills, Calif.-based parent company, said in regulatory filings that on May 27 91Ƶa criminal threat actor91Ƶ91Ƶ offered to sell Ticketmaster data on the dark web.
Several media outlets reported at the time that ShinyHunters, a cyberattack group thought to have formed in 2020, was behind the attack that allegedly scooped up data belonging to 560 million Ticketmaster users. (ShinyHunters has been linked to past attacks on tech giant Microsoft, telecom firm AT&T Wireless and storytelling site Wattpad.)
Ticketmaster spokespeople did not answer questions The Canadian Press sent them about the number of Canadians affected by the recent breach and instead provided a link to a web page the company has set up to address user queries about the incident.
The page said the company is working with authorities and cybersecurity experts, credit-card companies and banks to investigate the incident but has found no further unauthorized activity.
91ƵIt91Ƶs surprising to me that we continue to have these types of problems given the fact that there91Ƶs been so much attention paid, especially in the media, to issues around cybersecurity,91Ƶ said Robert Falzon, head of engineering at safety software business Check Point.
Statistics Canada data shows the country experienced 74,073 police-reported cybercrimes in 2022, up from 71,727 in 2021 and 33,893 in 2018. The actual number of cybercrimes may be even higher because many people are too embarrassed to report when they have fallen victim.
Indigo Books & Music Inc., Giant Tiger and London Drugs have all been among the organizations who faced cyber breaches in recent years.
In the case of Ticketmaster, Falzon pointed out that the vulnerability lay with a third-party data services firm, but the ticket sales business still has obligations.
91ƵIt remains their responsibility to manage their supply chain or manage their partners to make sure that they too are following the same standards to protect their user data,91Ƶ Falzon said.
91ƵAnd yet it seems like we continue to have challenges or risk or issues like this on an almost weekly basis.91Ƶ
The data hackers may have obtained can be particularly valuable, especially when combined with other data leaks or tidbits they glean from online profiles, he said.
For example, a bad actor could use the data to uncover your Facebook profile and if you91Ƶve posted about a disease you91Ƶre battling, it could then tailor further attacks on you to include information about the condition or potential cures.
If you received the email from Ticketmaster, Falzon recommended changing your password immediately and ensuring you91Ƶre not using it elsewhere.
91ƵEspecially if they91Ƶre one of those people that are using the same password repeatedly, it91Ƶs a great opportunity to go in and look at all the services that you used,91Ƶ he said.
He also suggested people set up multi-factor authentication, which requires people to enter a code that is texted or emailed to them to log into accounts. Multi-factor authentication can often be a deterrent for cyber attackers because it requires them to access more than one account or device.
Ticketmaster offered those affected by the breach one free year of credit-monitoring services and also recommended users monitor their bank activity and emails to ensure there91Ƶs no suspicious activity.
91ƵBe cautious of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information over the phone,91Ƶ the company warned.
READ ALSO:
