Incident Of The Week: Ticketmaster U.K. Data Breach Impacts 40K

Vuln. Traced To Third-Party Customer Service Software



Dan Gunderman
06/29/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a data breach at a leading ticketing provider, Ticketmaster. The company suffered a security breach which may have impacted up to 40,000 customers.

The link appears to be third-party customer support product Inbenta Technologies, which reportedly contained a vulnerable, and customized, piece of JavaScript code.

Ticketmaster said that personal or payment information may have been accessed by an unauthorized party. In the wake of the attack, affected customers have been notified.

The personally identifiable information (PII) in question in the breach includes: names, addresses, email addresses, telephone numbers, payment details and account-specific login details, the BBC writes.

It’s believed that this latest data breach only engulfed U.K. users, and specifically customers who purchased tickets, or attempted to do so, between February and June 23, 2018.

See Related: Incident Of The Week: Data Breach Touches Highest Levels Of Australian Govt.

Jordi Torras, CEO of Inbenta Technologies, said in a statement that “it has been confirmed that the source of the data breach was a single piece of JavaScript code that was customized by Inbenta to meet Ticketmaster’s particular requirements.”

The CEO said the code is not part of any of Inbenta’s products or present in its other implementations. Torras said Ticketmaster applied the script to its payment page “without notifying our team,” and would have advised against it.

He said the attacker(s) located, modified and used the script to extract payment information of Ticketmaster customers.


In Response

Reaching out to affected customers, Ticketmaster said it created a website to help answer questions and take remedial steps (i.e., resetting passwords). What’s more, the company is offering a free 12-month identity monitoring service.

The incident response effort also includes forensic teams and security experts working to investigate the breach of the popular ticketing service.

See Related: Incident Of The Week: U.K. Telecom Retail Breach Exposes 5.9M Records

The company is reportedly confident in its swift response. One month into the General Data Protection Regulation (GDPR), which outlines specific incident response measures (as well as data security standards), it is imperative to act quickly and transparently. The company said it informed relevant authorities, including the Information Commissioner’s Office.

The nation’s Cyber Security Centre is also monitoring the situation.

April Activity

Further, the digital bank, Monzo, has claimed it warned Ticketmaster in April about suspicious cyber-activity.

Monzo reportedly replaced bank cards for 50 customers who reported fraudulent transactions on April 6. An internal investigation then pointed to 70% of those customers using Ticketmaster in the previous months. Monzo reportedly alerted the ticket site of the activity.

After further complaints, the bank said it delivered 6,000 replacement cards to customers who had used Ticketmaster, according to the bank’s website.

Ticketmaster reportedly returned to the company saying that an internal investigation found no evidence of a breach and no additional banks were flagging fraudulent activity.

According to BT, a Ticketmaster spokesman said: “When a bank or credit card provider alerts us to suspicious activity, it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster.”

Monzo’s Head of Financial Crime, Natasha Vernier, wrote on the company’s website that she was glad Ticketmaster has shared the information publicly so that their customers “can take steps to protect themselves.”

Be Sure To Check Out: Incident Of The Week: Top Crypto Exchange Hit With DDoS Attack