The breach was found by Ticketmaster UK on Saturday June 23rd, 2018 and affected less than 5% of their global customer base. However, “Customers in North America have not been affected”. The breach stems from an external third-party supplier Inbenta Technologies. Inbenta uses AI and machine learning to provide chatbots that offer “perfect customer interaction”. Ticketmaster uses the technology to aid customers struggling with ticket purchasing.
In an official statement Ticketmaster said,
“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites…We have contacted customers who may have been affected by the security incident. UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018.”
Ticketmaster still isn’t 100% sure as to which data was leaked, however they believe that “name, address, email address, telephone number, payment details and Ticketmaster login details,” were taken. Since the breach they said they have been working with relevant authorities, as well as credit cards and banks. Also, Ticketmaster is working with these authorities to find the cause of the attack/
What’s particularly interesting about this breach is the timeframe. It falls between two different data protection acts. The Data Protection Act (DPA) 1998 and the DPA 2018 – the UK’s version of GDPR. The two documents have very different consequences, DPA 1998 can levy fines of £500,000, while DPA 2018 can levy fines up to £17 million, or 4% of an organization’s annual turnover, whichever is higher.
Deciding which legislation is relevant is the Information Commissioner’s Office (ICO); a spokesman told IT Pro “ It’s still very, very early days and we’re still in the evidence gathering stage, and will assess it from there.”
To prevent similar breaches from happening to your organization, feel free to reach out and see we can solve your cybersecurity needs.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.