TicketMaster - Data Security Breach

ArrBee

Mr.S wrote: »

If you google the service, it gets pretty poor reviews.

Essentially the service will scrape the internet for data dumps of personal data (a bit like https://haveibeenpwned.com) and notify you if your details popup.

A far better option is to just cancel your card that was used on Ticketmaster & change your passwords for other, non ticketmaster, accounts that shared the same password.

Just remember that IF your card(s) get used, Irish banks are fairly quick at noticing fraud, and if charges go through, you'll get the money back.

Yeah I was aware how it worked etc. But I was wondering if it offered more (identity fraud) than just notifying around credit card number trading without actually increasing my risk by holding so much info in 1 place. Especially given the massive data breach last year at an equivalent company last year.

As it happens, mastercard seemed to have been notified on the Sat that Ticetmaster "discovered" the issue as they sent a cancellation notice to my bank that day and I wasn't able to use it on the Sunday.

In my case, I've decided not to bother with the 12months service, but have changed both email address and password for ticket master and have a new credit card.

Coinsguy

Does the number end in 35 by any chance? Because I'm in the same boat

John Hutton

My current account was emptied last night. Really regretted not cancelling my card when I got the Ticketmaster email. I have to wait for a letter now and go the Gardaí and may be until the end of next week before it's sorted.

The lady from the bank said she couldn't confirm I would be refunded it would have to be looked at first.

I said did she think it was scanned at am ATM, she said probably not and said unprompted that it was probably Ticketmaster if I used them (which reminded me of the email) she also said that she thinks the timeframe they gave for when their site was hacked is wrong and it went back much further

Call me Al

John Hutton wrote: »

My current account was emptied last night. Really regretted not cancelling my card when I got the Ticketmaster email. I have to wait for a letter now and go the Gardaí and may be until the end of next week before it's sorted.

The lady from the bank said she couldn't confirm I would be refunded it would have to be looked at first.

I said did she think it was scanned at am ATM, she said probably not and said unprompted that it was probably Ticketmaster if I used them (which reminded me of the email) she also said that she thinks the timeframe they gave for when their site was hacked is wrong and it went back much further

Really sorry to read that John Hutton.
I got a call from my cc provider to cancel my card wrt this fraud last Friday . Your comment 're the timescale matches something I was told. I was on a ticket master list they'd received.
He said he suspects it had been going on for 18 months.

ArrBee

And this is one of the negative aspects of all debit cards using visa these days... any breach can drain your money, then you have to chase to get it back.
At least with a credit card, you can dispute charges etc.

John Hutton

ArrBee wrote: »

And this is one of the negative aspects of all debit cards using visa these days... any breach can drain your money, then you have to chase to get it back.
At least with a credit card, you can dispute charges etc.

Once I get this sorted I'm going to get a credit card for online purchases.

I've never had one because I don't like the idea of it but I've been left in an awkward position now (I had just been paid so I'm stuck now)

Fann Linn

As an aside, I heard this morning that Willie Walsh of British Airways, is in the sh1t because a large amount of their customers details were compromised. Apparently, some legal firm is taking a case and it is reported that all concerned should be compensated and will receive approx £1000.

Is there anyway TM could be held liable and perhaps then they may get their house in order?

fed_u

I had a fraudulent transaction on my credit card. when I looked back one of the last transactions was TM so convinced that's where my details were gotten from!

ArrBee

Fann Linn wrote: »

Is there anyway TM could be held liable and perhaps then they may get their house in order?

Surely the answer has to be "yes"
Especially if there has been financial damage as a result as is being claimed.

It my be tricky to prove that the damage leads back to TM though??

There may even be a case to answer when fraudulent activity has not occurred?
The breach itself or mishandling of customer data my be punishable.

In my case, I found out due to my card being cancelled without me knowing.
The credit card company wouldn't even tell me the real reason, only that mastercard had had issued a request to cancel at a time that coincided with the reported discovery by TM.
it was a pain to be left without a card for 2 weeks while a new one was organised. I missed out on at least 1 online bargain because of it!

Exclamation Marc

ArrBee wrote: »

Surely the answer has to be "yes"
Especially if there has been financial damage as a result as is being claimed.

It my be tricky to prove that the damage leads back to TM though??

There may even be a case to answer when fraudulent activity has not occurred?
The breach itself or mishandling of customer data my be punishable.

In my case, I found out due to my card being cancelled without me knowing.
The credit card company wouldn't even tell me the real reason, only that mastercard had had issued a request to cancel at a time that coincided with the reported discovery by TM.
it was a pain to be left without a card for 2 weeks while a new one was organised. I missed out on at least 1 online bargain because of it!

It's tricky because yes, ticketmaster are liable for the loss of data. Thats one issue and one liability.

As regards financial liability, generally speaking if someone has been made aware that their card has been compromised and chooses not to cancel their card, the bank will look to make the person liable for any financial loss post-warning as they didn't act on the warning, hence Mastercard just cancelling the cards outright without looking for consent.

ArrBee

Exclamation Marc wrote: »

It's tricky because yes, ticketmaster are liable for the loss of data. Thats one issue and one liability.

As regards financial liability, generally speaking if someone has been made aware that their card has been compromised and chooses not to cancel their card, the bank will look to make the person liable for any financial loss post-warning as they didn't act on the warning, hence Mastercard just cancelling the cards outright without looking for consent.

Good point!

John Hutton

Whilst we have no evidence to suggest your data has been compromised, we are notifying you out of an abundance of caution.


The above was a piss poor warning

The Nal

All they asked for is a password change right? They didnt ask people to cancel cards.

Exclamation Marc

The Nal wrote: »

All they asked for is a password change right? They didnt ask people to cancel cards.

They noted that personal and payment information may have been taken.

They gave a half arsed warning on cards:

"We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies."

Fann Linn

The Nal wrote: »

All they asked for is a password change right? They didnt ask people to cancel cards.

Twas safer to cancel the card.

smacl

fed_u wrote: »

I had a fraudulent transaction on my credit card. when I looked back one of the last transactions was TM so convinced that's where my details were gotten from!

I've had credit cards hack on a few occasions over the last number of years and really it hasn't been a huge problem. They cancel the card, read through the transactions in reverse chronological order to the hack date, reverse out the dud transactions, and send out a new card. I've never been left out of pocket, only minor issue once was it happened when I was out of the country but I had an alternative card.

That said, as a rule these days I tend to use PayPal where it's an option, don't let sites store my card details where it isn't, and use Dashlane to manage and store strong passwords for all sites that I use.

billybonkers

New mail just received from TM

Data security incident by third-party supplier
We are writing to you regarding the recent data incident involving Inbenta Technologies, an external third-party software supplier that used to provide services to Ticketmaster.

As you may already be aware, as soon as we discovered that Inbenta’s technology was serving malicious software to the Ticketmaster UK site, we disabled the Inbenta product across all Ticketmaster websites.

As a result of Inbenta’s product running on the Ticketmaster UK website, some of our customers’ personal or payment information may have been accessed by an unknown third-party.

Our forensic teams and security experts have been working diligently to understand how the data was compromised.

As part of this investigation, we have uncovered evidence that suggests that you may have purchased, or attempted to purchase, tickets between February and June 23, 2018 and therefore may have been affected by the Inbenta incident.

We continue to work with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities in their ongoing investigation into the malicious third-party behind the attack.

What we are doing:

Ticketmaster has established a dedicated website security.ticketmaster.co.uk to answer any questions you may have about the Inbenta incident. You can also contact fan.help@ticketmaster.ie
As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts
We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit this page
We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.

We understand the importance of your personal information. We take the protection of that information very seriously and we are sorry to have to write to you in these circumstances.



Faithfully,

The Ticketmaster Team

TheIrishGrover

Got a call today from Avantcard (Formally MBNA) abut cancelling my card. There were no dodgy transactions but it seems they are reissuing cards to everyone by default