Ticketmaster Knew of Data Breach Months Before It Alerted Customers, Bank Says

June 29, 2018, 2:31 PM UTC

A malicious software breach that leaked the personal information of tens of thousands of Ticketmaster customers was known to the company for months before it alerted users and took action, according to a bank that says it warned the company.

Ticketmaster United Kingdom released a statement on Wednesday revealing that it had “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.”

Less than 5% of Ticketmaster’s global customer base was affected by the breach, which leaked customers’ personal and payment information to an unknown third party, according to the company. No customers in North America were affected by the breach.

But the following day, Monzo, a mobile-only bank based in the UK, released its own statement, detailing how it had spotted signs of the breach and warned Ticketmaster in early April after around 50 of the bank’s customers reported fraudulent transactions on their accounts. Digging deeper, Monzo discovered a common denominator — 70% of the affected customers had used Ticketmaster between December 2017 and April 2018.

In the following days, Monzo’s Financial Crime and Security team reached out to other banks and the U.S. Secret Service to report their findings. On April 12, it reached out to members of Ticketmaster’s security team, who said they would investigate internally.

The following week, according to Monzo’s statement, Ticketmaster reported that an internal investigation had turned up no signs of a breach and that no other banks had reported fraud patterns involving Ticketmaster customers.

“When a bank or credit card provider alerts us to suspicious activity it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster,” a Ticketmaster spokesperson said in a statement on Friday.

The company previously said that it did not identify the breach until June 23.

“We’re glad to see that Ticketmaster have shared the information publicly, so their customers can take steps to protect themselves. It’s incredibly important that companies always work together to protect customers, and we’ll always work hard to make sure this is the case,” said Natasha Vernier, head of financial crime for Monzo.

In light of the breach, Ticketmaster is offering all affected customers a free 12-month identity monitoring service.