Ticketmaster notifies NZ customers of security breach

Ticketmaster has notified its New Zealand customers of a security breach of its UK-based operations in which personal and payment information may have been accessed by an unknown third party.

Ticketmaster UK today says it found malicious software on third-party customer support product Inbenta Technologies, which could have allowed someone else to access customers’ private data. It says it has since disabled the Inbenta product.

Ticketmaster says less than 5% of its global customer base has been affected and no customers in North America. Between 30,000 and 40,000 UK customers have had their data accessed.

This morning an email was circulated to New Zealand customers who bought tickets through Ticketmaster between September 2017 and June 23, 2018. It is unclear if the third party had access to data for this period. A notice also appeared on the company’s New Zealand website.

A Ticketmaster Australasia spokesman tells NBR there have been no confirmed cases in New Zealand and customers here are being notified as a precaution. 

"There's no concern about cases outside the UK but, as the situation changes, we will cooperate with the appropriate authorities," he says. 

In a statement, Ticketmaster says "forensic teams and security experts are working around the clock to understand how the data was compromised." It says it's working with authorities, credit card companies and banks.

All notified customers will need to reset their passwords during their next log-in. The company is also offering affected customers "a free 12-month identity monitoring service with a leading provider."

Ticketmaster says customers should monitor their account statements for evidence of fraud or identity theft and contact their bank or credit card provider if concerned.

The public disclosure of a breach comes just a month into new General Data Protection Regulation (GDPR) rules, which include requiring businesses to notify customers of breaches immediately.

Ticketmaster said it has complied with the GDPR regulations.

Ticketmaster New Zealand reported gross profit of $23 million in the financial year ended December 31, 2017.

A spokesman for privacy commissioner John Edwards says Ticketmaster will keep him up to date on its investigations into the breach. 

New privacy legislation currently making its way through Parliament includes a provision for compulsory data breach disclosure.

All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.