Ticketek Australia hit by data breach

Ticketek Australia is investigating a cyber incident impacting account holder information stored in a cloud-based platform from a global third-party supplier.

In a statement late on 31 May 2024, the event ticketing company said the available evidence at the time indicated that customer names, dates of birth and email addresses may have been impacted.

Ticketek has assured Australian customers that their passwords and credit card information have not been compromised.

The company uses secure encryption methods for online payments and a separate system to process online payments, which has not been impacted.

“Since our third-party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing an investigation so that we can communicate with customers who may have been impacted, and other stakeholders, as quickly as possible,” it said.

“Our priority at this initial stage is to best protect our customers, people and all others who have entrusted us with their information. As such, we have already commenced notifying those customers who may have been impacted. We apologise for any concern that this news may cause – we will provide further updates as more information becomes available.”

Ticketek has since notified the Australian Cyber Security Centre, and is liaising with the Office of the Australian Information Commissioner and the National Office of Cyber Security regarding the incident.

In a LinkedIn post, Claire O’Neil, Australia’s minister for home affairs and minister for cyber security, noted that Ticketek has taken action to quickly identify and notify affected people.

“Where companies hold a significant amount of data, Australians expect that they look after it,” she said. “The number of recent breaches has demonstrated the importance of companies quickly alerting affected customers and offering them support.

“I'd ask Australians to be especially vigilant and on the lookout for scams during a time like this. In a breach like this, Australians need to be aware of scams including phishing emails. Be on the lookout for suspicious emails and contact cyber.gov.au for support and to report incidents.”

Ticketek is a different company to Ticketmaster, a subsidiary of Live Nation Entertainment that recently suffered a massive data breach, with the ShinyHunters hacking group claiming to have stolen 1.3TB of data from 560 million users, including personal and financial information.

The stolen data reportedly included names, addresses, emails, phone numbers, partial credit card details, and Ticketmaster account information.

Debrup Ghosh, senior product manager at Synopsys’ software integrity group, said companies offering a digital marketplace need to place special emphasis on protecting key customer data, especially personally identifiable information. “In the age of digital transformation, data is a valuable currency – hence, companies need to continually protect not only company IP [intellectual property], but also customer data that helps them study consumer preferences and build the product to better serve those consumer preferences,” he said.

Ghosh urged companies to invest in detection and prevention technologies that allow them to mitigate exposure from cyber attacks, which could impact consumer trust and lead to both direct financial impact from lost revenue, and also punitive legal damages that impact their business.