Ticketmaster Warns Customers’ Credit Card Details May Have Been Stolen in Data Breach

Ticketmaster tickets and gift cards are shown at a box office in San Jose, Calif., on May 11, 2009. Paul Sakuma/AP Photo
Chandra Philip

Ticketmaster says a recent data breach may have included customers’ personal information, including credit card details.

In a July 9 email to affected customers, the company said it believes the breach happened between April 2 and May 18.

“Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider,” the email said.

“The personal information that may have been obtained by the third party may have included your name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates.”

The company advises customers to monitor their accounts and report any suspicious activity. It also recommends accessing an individual credit report.

Ticketmaster has also offered customers free identity monitoring by TransUnion.

“To further protect your identity and as a precaution, we are also offering you identity monitoring with TransUnion of Canada, Inc. (“TransUnion”), at no cost to you,” the company said.

TransUnion will monitor for any indication that customers’ personal data has made it onto the dark web, where personal information is sometimes sold by cybercriminals, the email said.

The data breach was found on an “isolated cloud database” that was hosted by a third party, Ticketmaster said in an online notice to customers.

“Our comprehensive investigation – alongside leading cybersecurity experts and relevant authorities – has shown that there has been no more unauthorized activity,” it said, adding the database had information on some customers from Canada, the United States, and Mexico.

Ticketmaster says it has made some technical and administrative changes as a result, including rotating passwords for accounts associated with the targeted cloud database, reviewing access permissions, and increasing alerting mechanisms.

It also said it is working with law enforcement in the United States.