Ticketmaster starts notifying data breach victims; Customers in the US, Canada and Mexico are affected

Ticketmaster is now notifying customers whose data was exposed in a security incident that hackers say affected over half a billion individuals.

According to recent reports, Ticketmaster began sending electronic data breach notifications to an unknown number of impacted customers beginning in late June, weeks after the security incident made headlines.

Here’s a short recap of what happened

In May, the infamous threat actor group ShinyHunters said they had stolen the personal information of 560 million Ticketmaster customers – data available for a one-time sale of half a million dollars.

At the end of May, Live Nation, Ticketmaster’s parent company, was busy investigating the alleged breach; the latest updates surfaced this week.

In an email to victims, Ticketmaster says unauthorized parties obtained customer information from one of their cloud databases hosted by a third-party provider between April 2 and May 18, 2024.

According to the data breach notification sample shared with the Office of the Maine Attorney General, the company has been “diligently investigating this incident with the assistance of outside experts and is fully cooperating with federal law enforcement agencies.”

The letter says the delayed notice was not due to a law enforcement investigation: “We have additionally taken a number of technical and administrative steps to further enhance the security of our systems and data,” the letter reads.

“These measures include rotating passwords for all accounts associated with the affected cloud database, reviewing account permissions, and increased alerting mechanisms deployed in the environment.”

What type of data was involved?

Ticketmaster’s updates on the data security incident posted on the company website say the breach impacted “customers who bought tickets to events in North America (U.S, Canada and/or Mexico).”

“This may include email, phone number, encrypted credit card information as well as some other personal information provided to us,” Ticketmaster explains.

As for the impacted information, the Maine filing lists over 1,000 impacted residents alongside their names and other personal identifiers.

The data breach letter sample also lacks many details, specifically listing “name, basic contact information, and other “extras” depending on the individual.

As you may know, ShinyHunters’ ad for selling the stolen database from Ticketmaster contained more than just names and basic contact information or encrypted cc numbers from customers.

The listing clearly specified names, addresses, emails, phone numbers, ticket sales, event information, credit card details (last four digits of used credit card, expiry date), and “customer fraud details.”

Customers will receive data breach notifications via email or first-class mail only if the company believes that “your sensitive information was involved.”

What does Ticketmaster recommend?

Ticketmaster recommends customers keep a close eye on their bank accounts for suspicious activity and be cautious of any unsolicited messages. The company also urges impacted customers to enroll in free identity monitoring service for 12 months, as specified in the data breach letter.

While the company says “accounts were not affected,” we still urge all Ticketmaster customers to consider updating their password.

Use Bitdefender Digital Identity Protection to mitigate risks from data breaches, including Ticketmaster.

Many data breach letters or notices lack specific details and comprehensive security measures to help victims protect their identity and secure their digital footprint against misuse.

Bitdefender Digital identity Protection is an extremely feature-rich service that not only offers insights into the extent of your digital persona, but also helps you mitigate risks to your identity in case of a data breach.

This is what you get when you subscribe:

• 24/7 data-breach monitoring service that scours the deep and dark web for exposed personal information
• Real-time notifications if your data is found in a data breach
• A 360-degree view of your digital footprint by connecting your email account to detect services that may hold your sensitive information automatically. This includes online accounts you may have forgotten about.
• Helps you minimize your digital footprint through automated data opt-outs or data requests sent to service providers
• Industry-first Identity Protection score that helps you understand the extent of a data breach and how it can impact your online safety, privacy, and finances.
• Concise 1-click action items to decrease your risks, detailed reports and expert guidance