Ticketmaster data breach may have hit Australian and New Zealand customers

International ticket vendor Ticketmaster has “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster”.

Potentially compromised information includes:

  • Names
  • Addresses
  • Email addresses
  • Telephone numbers
  • Payment details
  • Ticketmaster login details

International customers who purchased, or attempted to purchase, tickets on the site between September 2017 and 23 June 2018 may be affected.

A Ticketmaster Australia spokesperson told SBS News that “there are no confirmed cases of data breaches affecting Australians at this stage”.

However, as a precaution, the company is contacting customers in Australia and New Zealand who made purchases on the site during this period.

What is Ticketmaster doing about the breach?

Ticketmaster has assured customers that the Inbenta product was disabled across all websites as soon as the malicious software was discovered.

Customers who may have been affected have been contacted and told to monitor their bank statements for any suspicious activity.

The company has also instructed them to reset their passwords upon their next login, and has offered them 12 months’ free identity monitoring.

If you have not been contacted, Ticketmaster does not believe you have been affected.

Ticketmaster Australia has created a website for its customers that provides details of the breach.

On the site, Ticketmaster says the “forensic teams and security experts are working around the clock to understand how the data was compromised.

“We are working with relevant authorities, as well as credit card companies and banks.”

The importance of supply-chain security

According to the BBC, as many as 40,000 UK customers have been affected.

This latest incident highlights the importance of supply-chain security, particularly now the EU GDPR (General Data Protection Regulation) is in effect.

Under the GDPR, Ticketmaster, as a data controller, is responsible for the security of personal data processed on its behalf by its data processors – in this case, Inbenta. As a result, Ticketmaster faces administrative fines of up to €20 million or 4% of annual global turnover (whichever is greater).

The UK’s Information Commissioner’s Office is investigating and the National Cyber Security Centre is monitoring this latest incident.

Subscribe to our newsletter for updates about the latest cyber attacks, data breaches and information security best practice >>


The GDPR - key steps for companies in Asia-Pacific. Our compliance checklist will take you through the essential steps.