Ticketmaster has warned customers of a data breach caused by third-party software. It believes the breach affects less than 5% of the organisation’s customers. The data breach is believed to affect around 40,000 UK customers and an unspecified number of international customers. It does not affect customers in North America.
Ticketmaster has also informed the Information Commissioner’s Office (ICO). Although the data breach has just been discovered, it is not new. The press release from Ticketmaster states that: “UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018.”
This should be enough for the company to avoid a fine under GDPR. However, it will have to explain why it took so long to uncover the breach. The length of time that the breach has been running will also concern Inbenta Technologies, the third party whose software is the cause of this breach.
What is known about the data breach?
Ticketmaster has stated: “On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.
“Less than 5% of our global customer base has been affected by this incident. Customers in North America have not been affected.
“As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third-party.”
What is not clear is how much personal and payment data may have been stolen in this data breach. It is likely to include contact data such as name, address, telephone number and email as well as some or all card data. Unfortunately, the statement from Ticketmaster is vague. It also fails to say if any of the data was encrypted – which would be industry best practice for payment card data.
What the company has done is email all customers it believes are affected. It has also advised all customers to change their passwords. In addition, it has brought in external security organisations to trawl through log files and other data to see how the breach occurred. While the blame is currently being laid at the door of Inbenta, we will have to wait until the investigation is complete to know exactly what caused the problem.
Ticketmaster has created this website with information about the data breach. It contains information on what customers should do and will be updated as it discovers new information.
Who are Inbenta Technologies?
Inbenta Technologies is an AI company whose products are used by a number of large sales organisations to improve customer service. It has a chatbot service that means companies do not have to employ large numbers of staff in call centres. The chatbot makes it easier and quicker for customers to find what they want.
All of this is tied to other parts of the AI solution. When a customer makes a purchase, the AI will look at what else they may be interested in. It will create a quick list of other items to try and improve sales.
Ticketmaster is not the only high-profile company using Inbenta. Groupon is also a big user, as are a number of European insurance companies and banks. As a result, Inbenta will be just as keen as Ticketmaster to understand what went wrong and how. If, as implied by Ticketmaster, this is down to a problem with the Inbenta software, more companies could be affected.
What does this mean?
One of the big changes that GDPR has ushered in is faster reporting of incidents. This means that we are going to see an increase in companies announcing they have discovered data breach incidents. This is both good and bad:
Good, because we will finally see the scale of the problem and organisations will have to address their data security.
Bad, because people will quickly reach data breach overload.
At that point the danger is they stop caring about the risk.
For Ticketmaster, there will be significant questions to answer as to why this took so long to discover. Those same questions will be asked of Inbenta. However, so far, neither is responding to emails, and both have chosen to make no statement about which products were involved.
It is also important that Ticketmaster makes it clear what data was stolen. The current statement is too vague, to say the least.
In addition, customers need to be aware that this announcement could trigger a number of attacks from cyber criminals.
Brooks Wallace, Head of EMEA for Trusted Knight, commented: “Anyone who is a Ticketmaster customer needs to watch out for phishing emails. After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out. If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log in that way. It’s better to be safe than sorry.”