Ticketmaster is now notifying customers whose data was exposed in a security incident that hackers say affected over half a billion individuals.
According to recent reports, Ticketmaster began sending electronic data breach notifications to an unknown number of impacted customers beginning in late June, weeks after the security incident made headlines.
In May, the infamous threat actor group ShinyHunters said they had stolen the personal information of 560 million Ticketmaster customers – data available for a one-time sale of half a million dollars.
At the end of May, Live Nation, Ticketmaster’s parent company, was busy investigating the alleged breach; the latest updates surfaced this week.
In an email to victims, Ticketmaster says unauthorized parties obtained customer information from one of their cloud databases hosted by a third-party provider between April 2 and May 18, 2024.
According to the data breach notification sample shared with the Office of the Maine Attorney General, the company has been “diligently investigating this incident with the assistance of outside experts and is fully cooperating with federal law enforcement agencies.”
The letter says the delayed notice was not due to a law enforcement investigation: “We have additionally taken a number of technical and administrative steps to further enhance the security of our systems and data,” the letter reads.
“These measures include rotating passwords for all accounts associated with the affected cloud database, reviewing account permissions, and increased alerting mechanisms deployed in the environment.”
Ticketmaster’s updates on the data security incident posted on the company website say the breach impacted “customers who bought tickets to events in North America (U.S, Canada and/or Mexico).”
“This may include email, phone number, encrypted credit card information as well as some other personal information provided to us,” Ticketmaster explains.
As for the impacted information, the Maine filing lists over 1,000 impacted residents alongside their names and other personal identifiers.
The data breach letter sample also lacks many details, specifically listing “name, basic contact information, and other “extras” depending on the individual.
As you may know, ShinyHunters’ ad for selling the stolen database from Ticketmaster contained more than just names and basic contact information or encrypted cc numbers from customers.
The listing clearly specified names, addresses, emails, phone numbers, ticket sales, event information, credit card details (last four digits of used credit card, expiry date), and “customer fraud details.”
Customers will receive data breach notifications via email or first-class mail only if the company believes that “your sensitive information was involved.”
Ticketmaster recommends customers keep a close eye on their bank accounts for suspicious activity and be cautious of any unsolicited messages. The company also urges impacted customers to enroll in free identity monitoring service for 12 months, as specified in the data breach letter.
While the company says “accounts were not affected,” we still urge all Ticketmaster customers to consider updating their password.
Many data breach letters or notices lack specific details and comprehensive security measures to help victims protect their identity and secure their digital footprint against misuse.
Bitdefender Digital identity Protection is an extremely feature-rich service that not only offers insights into the extent of your digital persona, but also helps you mitigate risks to your identity in case of a data breach.
This is what you get when you subscribe:
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024