Ticketmaster alerts Canadian customers of data breach

Global ticket sales and distribution company Ticketmaster has alerted its Canadian customers to a potential data breach that may have exposed sensitive information.

 

In an email this week, the company disclosed that an unauthorized third party accessed a cloud database managed by a third-party data services provider between April 2 and May 18.

 

The breach, discovered on May 23, potentially compromised customers’ names, contact information, and encrypted payment card details, including card numbers and expiration dates. The email emphasized Ticketmaster’s commitment to protecting customer information and expressed regret over the incident.

 

This warning comes just months after Ticketmaster’s parent company, Live Nation, reported a criminal actor attempting to sell Ticketmaster data on the dark web in late May. Reports indicated that ShinyHunters, a cyberattack group active since 2020 and linked to breaches involving Microsoft, AT&T Wireless, and Wattpad, was responsible for the attack.

 

While Ticketmaster did not disclose how many Canadians were affected, it directed customers to a dedicated web page for further information. The company stated it is collaborating with authorities, cybersecurity experts, credit card companies, and banks to investigate the breach and has found no additional unauthorized activity since the incident.

 

Robert Falzon, head of engineering at Check Point, expressed concern over recurring cybersecurity issues despite heightened awareness and media coverage. He emphasized that while the vulnerability stemmed from a third-party service, Ticketmaster remains responsible for managing its partners and supply chain to ensure data protection.

 

Statistics Canada reported 74,073 police-reported cybercrimes in 2022, a rise from previous years, suggesting that actual figures could be higher due to underreporting by victims. Other Canadian companies, including Indigo Books & Music Inc., Giant Tiger, and London Drugs, have also experienced recent cyber breaches.

 

Falzon advised affected customers to change their passwords immediately, particularly if used across multiple services, and to enable multi-factor authentication to enhance security. Ticketmaster offers one year of free credit monitoring to those impacted and recommends monitoring bank accounts and emails for suspicious activity.

 

The company cautioned customers to be wary of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information.