Ticketmaster Data Breach

You’ve probably seen the news from earlier this week that ticket selling giant Ticketmaster’s UK site had suffered a data breach. Around five per cent of Ticketmaster customers, a little less than 40,000 people, are affected with several people reporting being scammed out of money as a result.


Some insights from security experts that you might find useful:

Daniel Brody, Product Leader, Fraud Protection, Cyxtera:

“A data breach may happen outside of a bank’s perimeter or control, but it doesn’t absolve them of responsibility for the breach’s mitigation. There are negative consequences if they do not take steps to protect their institution and users from breaches that occur elsewhere. To limit the undesirable effects of a third-party’s breach, financial institutions should make sure they have the following tools in place to avoid legal liabilities, protect customers from monetary losses, and preserve their brand reputation:

•         Fraudulent transaction and activity detection: In this type of monitoring, transactions that do not make sense in the context of normal user activity, such as those carried out by a cybercriminal, are flagged for investigation and scrutiny. It is interesting to note that the bank that notified Ticketmaster about the breach also had monitoring in place that could analyze the transaction histories of the victimized customers and determine where the compromise took place. This “common point of compromise” detection is essential for quickly finding the source of breaches, narrowing down the pool of potentially affected customers, and then notifying those customers before money can be stolen from their accounts.

•         Compromised card monitoring: After a breach, stolen credit and debit cards are often placed for sale on black market sites, often located on the dark web, allowing cybercriminals to turn a profit from their attacks. Financial institutions must be able to monitor such sites for any of their own organization’s cards that turn up on them. Such black market monitoring helps institutions to mitigate card fraud before any money is actually charged on a stolen card. Black market monitoring also allows banks to know exactly which cards were compromised, so they don’t waste resources on reissuing cards to customers that weren’t affected by a breach.

•         Strong, multi-factor authentication: This type of protection asks customers to submit an additional authentication factor to confirm their identities beyond a user name and password. When a data breach occurs, requests for that additional authentication factor through push or text messages can alert customers to transactions that are being performed with their stolen card. This type of security helps involve end users in their own security and cuts down on the amount of false positive cases to investigate”.


Chris Olson, CEO, The Media Trust:

 “The TicketMaster breach shows that organizations are continuing to ignore the risks that their direct and indirect digital third parties pose to their digital assets’ security. And in today’s GDPR world, leaving those risks unaddressed can hurt their bottomline and their brand. As regulators conduct their surveillance of organizations serving EU citizens, organizations need to ensure they have a continuously updated inventory of their digital third parties, what those third parties do, and whether those parties’ activities have been authorized. Without such an inventory, you are leaving your business wide open to a supply chain attack.”