Ticketmaster UK is alerting its customers to a third-party security incident that may have compromised their information.
On a website for customers whose data may have been compromised after a security incident involving an Inbenta product, the ticket-selling company said a potential unknown third-party gained access to personal information, including names, addresses, email addresses, telephone numbers, payment details and Ticketmaster login details.
“On Saturday, June 23, 2018, Ticketmaster UK identified that malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster, was exporting U.K. customers' data to an unknown third-party,” the company said in a statement describing the incident. “As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.”
Only certain U.K. customers who purchased or attempted to purchase tickets may have been affected but however, all Ticketmaster International customers outside the U.K. will need to reset their password as a precaution, the company said.
Patrick Hunter, director at One Identity noted that although Ticketmaster appears to have done all the right things such as identifying the malware and remediating the issue, they don't know how long the malware was in place or who was responsible. As a result, the company has fallen foul of the sub-processor parts of GDPR, he said.
“They need to make sure that they are compliant but so are all the third parties that share their consumer's data,” Hunter said. “They will need to look at their internal procedures and those of their suppliers again and find out how to stop these sort of things happening in the first place.”
All notified customers are being offered 12 months of identity monitoring services with a leading provider and customers have been urged to monitor their accounts for suspicious activity.