INSUBCONTINENT EXCLUSIVE:
Ticketmaster UK announced on its site yesterday that it identified malicious malware on June 23rd that had affected nearly five percent of
their customers, allowing an unknown third-party access to customers& names, email addresses, telephone numbers, payment details and login
information between February 2017 and June 23rd, 2018.
The company says the breach can be traced back to an AI chat bot it uses to help
answer customers& questions when a live staff member is unavailable
The software designer,Inbenta, confirmed that the malware had taken advantage of one piece of JavaScriptthat was written specially for
Ticketmaster use of the chat bot.
However, both companies have confirmed that as of June 26th the vulnerability has been resolved
In its statement, Ticketmaster told customers that affected accounts had been contacted and were offered a free 12-month identity monitoring
service as a consolation as soon as the company became aware of the breach.
But, according to U.K
digital bank Monzo, Ticketmaster was informed of the breach in April.
In a statement released by its Financial Crime team today, Monzo
describes the events from its perspective
On April 6th, the bank began to notice a pattern of fraudulent transactions on cards that had been previously used at Ticketmaster
Out of 50 fraud reports the bank received that day, 70 percent of cards had made transactions on Ticketmaster in the last several
months.
&This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster,& saidNatasha Vernier, head of Financial Crime
at Monzo, in the statement.
On April 12th, Monzo says it expressed its concerns directly to Ticketmaster and that the company said it would
&investigate internally.& In the week to follow, Monzo received several more Ticketmaster-related fraud alerts and made the decision to
replace roughly 6,000 compromised cards over the course of April 19th and 20th, without mentioning Ticketmaster.
During that same period,
Ticketmaster told Monzo that its completed internal investigation had shown no evidence of a breach.
This puts Ticketmaster in an awkward
position, because under the 2018General Data Protection Regulations (GDPR), companies are required to report information of a breach within
It uncertain, based on the timeline of events, if Ticketmaster will be held to these standards or the now-overturned 1998 standards, but
either way the water is starting to heat up around the ticket dealer.
We&ve reached out to Ticketmaster for comment but the company did not
reply by the time of publication.
