The federal privacy commissioner has announced an investigation into Ticketmaster Canada, which was hit by a cybersecurity incident earlier in 2024 that impacted the personal information of millions of people.
“Data breaches have surged over the last decade, and we have seen a significant increase in the scale and complexity of these incidents,” Privacy Commissioner of Canada Philippe Dufresne said in a July 31 statement.
“The investigation will allow us to understand why this cyber incident happened and what must be done to address this situation and prevent it from happening again.”
The privacy commissioner said the investigation, which was launched in response to a complaint, will examine Ticketmaster’s compliance with the federal private-sector privacy law. It will look at the company’s practices “with respect to security safeguards and whether the company complied with breach notification requirements.”
The Epoch Times reached out to Ticketmaster for comment on the investigation, but didn’t hear back before publication time.
According to Ticketmaster, the data breach was found on an “isolated cloud database” that was hosted by a third party. That database had information on customers who got tickets to events in Canada, the United States, and Mexico.
A hacking group called ShinyHunters claimed it stole the user data of more than 500 million Ticketmaster customers and demanded a ransom of $500,000.
Following the incident, Ticketmaster said it had been “diligently investigating” the incident with the assistance of outside experts, and was cooperating with U.S. federal law enforcement authorities. It also made some technical and administrative changes such as rotating passwords for accounts associated with the targeted cloud database, reviewing access permissions, and increasing alerting mechanisms.
Ticketmaster has also offered customers free identity monitoring by TransUnion, which would look out for personal data on the dark web and provide customers with alerts if the information is found.
