Latest Post

Lake Erie Cyclefest returns this weekend Man pleads guilty to robbery and murder of rapper Pop Smoke

Ticketmaster has warned some Canadian customers that their data may have been compromised in a recent security breach.

Ticketmaster has warned some Canadian customers that their data may have been compromised in a recent security breach.

An email the ticket sales platform sent to customers this week revealed that sometime between April 2 and May 18, “an unauthorized third party” accessed information from a cloud database hosted by an unnamed third-party data service provider.

The email said the company discovered on May 23 that the data breach affected some of its customers’ names, basic contact details, and payment card information, such as encrypted credit or debit card numbers and expiration dates.

“We are fully committed to protecting your data and deeply regret that this incident occurred,” the email said.

The letter came months after Live Nation, Ticketmaster’s Beverly Hills, Calif.-based parent company, said in regulatory filings that on May 27, “a criminal threat actor” offered to sell Ticketmaster data on the dark web.

Multiple media outlets reported at the time that ShinyHunters, a cyberattack group believed to have been founded in 2020, was behind the attack, which allegedly stole data from 560 million Ticketmaster users. (ShinyHunters has been linked to previous attacks on tech giant Microsoft, telecommunications company AT&T Wireless and storytelling site Wattpad.)

A Ticketmaster spokesperson did not respond to questions sent by The Canadian Press about the number of Canadians affected by the latest data breach, instead providing a link to a webpage the company has set up to answer user inquiries about the incident.

The site says the company is working with authorities, cybersecurity experts, credit card companies and banks to investigate the incident, but has not identified any further unauthorized activity.

“I’m surprised that we continue to struggle with these kinds of problems, given that cybersecurity issues have received so much attention, especially in the media,” said Robert Falzon, chief technology officer at security software company Check Point.

Data from Statistics Canada shows that there were 74,073 police-reported cybercrimes in the country in 2022, compared to 71,727 in 2021 and 33,893 in 2018. The actual number of cybercrimes may be even higher, as many people are too embarrassed to report if they have been a victim.

Indigo Books & Music Inc., Giant Tiger and London Drugs were among the companies that fell victim to cyberattacks in recent years.

In the case of Ticketmaster, Falzon pointed out that the vulnerability lies with an external data services company, but the ticket selling company still has obligations.

“It remains their responsibility to manage their supply chain or their partners to ensure that they also adhere to the same standards to protect their user data,” said Falzon.

“And yet it seems as if we face challenges, risks or problems like these almost every week.”

The data the hackers may have obtained could be particularly valuable, especially when combined with other data leaks or information they gleaned from online profiles, he said.

For example, a malicious actor could use the data to uncover your Facebook profile. If you have posted about a disease you suffer from, they could then launch further attacks against you that include information about the disease or possible cures.

If you receive the email from Ticketmaster, Falzon recommends changing your password immediately and making sure you don’t use it anywhere else.

“Especially if you’re dealing with people who are repeatedly using the same password, this is a great opportunity to look at all the services they use,” he said.

He also suggested implementing multi-factor authentication, which requires users to enter a code sent to them via SMS or email to log into accounts. Multi-factor authentication can often be a deterrent for cyber attackers because it requires them to access more than one account or device.

Ticketmaster offered one year of free credit monitoring services to those affected by the data breach and also recommended that users monitor their banking activity and emails to ensure no suspicious activity was taking place.

“Be cautious of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information over the phone,” the company warned.

— With files from The Associated Press

This report by The Canadian Press was first published July 9, 2024.

Tara Deschamps, The Canadian Press