Skip to content

Ticketmaster notice of privacy breach months after hack triggers customer backlash

The ticket sales giant sent emails to potentially affected customers this week, warning that their personal information may have been compromised in a security breach
Stock image

Ticketmaster users across North America are being notified that their personal information may have been compromised in a security breach that happened months ago, triggering backlash from customers annoyed by the company’s response.

The California-based ticket sales giant said it discovered unauthorized activity on an isolated cloud database hosted by a third-party data services provider between April 2 and May 18. On May 23, the company said it learned that some personal information of customers may have been affected, such as names, emails, phone numbers, or encrypted credit-card information.

“We know how important your personal information is and we take its protection very seriously,” the company wrote on its website.

The company has sent emails to potentially affected customers this week, warning that their personal information may have been intercepted. It’s also sending letters in the mail.

Many customers have taken to social media to express their frustration with the company, which appears to extend beyond privacy and into other issues like steep fees. Ticketmaster and its parent company, Live Nation Entertainment, were recently sued by the U.S. Justice Department for allegedly having an illegal monopoly over live events.

Ticketmaster user Rachel Talalay said in an email that she would be asking her bank for advice on cancelling her credit card and wasn’t happy about the wording of the email she received from the company after the breach.

“It’s insult to injury to tell me to ‘be vigilant’ after they had a massive breach,” she said in an email.

Jim Meaney said he was surprised to receive an email from Ticketmaster on Tuesday because it had been at least a year since he used it.

“I haven’t bought tickets from Ticketmaster in quite a while, so the data must be fairly old,” he said.

Ticketmaster did not answer questions emailed to it by The Globe and Mail, but responded with a link to its website.

Ross Saunders, a director at Bamboo Data Consulting and digital privacy expert, said he wants to know why Ticketmaster waited so long to alert those affected by the breach after discovering it. He said those whose data may have been compromised should be on the lookout for signs of credit card fraud or identity theft.

“You may want to cancel your cards and get credit cards issued if that information happens to be decrypted down the line,” he said.

In its email to affected users, Ticketmaster said they could register for a 12-month free identity monitoring service would be available through TransUnion of Canada, Inc.

“Identity monitoring will look out for your personal data on the dark web and provide you with alerts for one year from the date of enrollment if your personally identifiable information is found online,” the company wrote in its email to users.

Mr. Meaney said he has registered for similar monitoring services in the past as the victim of a different privacy breach and intends to take advantage of Ticketmaster’s offer.

But Mr. Ross said while Ticketmaster’s offer is a nice gesture, its timeline won’t outlast the risk affected customers could face.

“I’ve been a victim of identity theft, and it happened about two years after the information got out there. So, there’s probably a good likelihood that it would happen within the first while, but the risk with privacy and personal information being out there is it could be used at a later stage,” he said.

Ultimately, Mr. Ross said people can take steps to protect themselves such as not saving their credit card information for convenience, but the duty to protect customers rests largely on the company itself.

“There’s not much a customer can do when the connection is behind the scenes, and that’s what’s getting exploited. So, it’s very vital that the companies that handle personal information are also looking after it correctly,” he said.

On its website, Ticketmaster said it’s working with law enforcement, credit card companies and banks to investigate the incident, and has found no further unauthorized activity. Additionally, it said it’s taking steps to enhance its security, such as rotating passwords for potentially affected accounts, reviewing access permissions and increasing alerting mechanisms.

Mr. Meaney said he has no plans to stop using Ticketmaster, or other online services that ask for his personal information because in many cases, he simply has no other choice.

“I know I need to be careful, but I’m not going to change the way I live because of it,” he said.