Ticketmaster UK is alerting its customers to a third-party security incident that may have compromised their information.
On a website for customers whose data may have been compromised after a security incident involving an Inbenta product, the ticket-selling company said a potential unknown third-party gained access to personal information, including names, addresses, email addresses, telephone numbers, payment details and Ticketmaster login details.
“On Saturday, 23 June, 2018, Ticketmaster UK identified that malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster, was exporting UK customers' data to an unknown third-party,” the company said in a statement describing the incident. “As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.”
Only certain UK customers who purchased or attempted to purchase tickets may have been affected but however, all Ticketmaster International customers outside the UK will need to reset their password as a precaution, the company said.
Patrick Hunter, director at One Identity noted that although Ticketmaster appears to have done all the right things such as identifying the malware and remediating the issue, they don't know how long the malware was in place or who was responsible. As a result, the company has fallen foul of the sub-processor parts of GDPR, he said.
“They need to make sure that they are compliant but so are all the third parties that share their consumer's data,” Hunter said. “They will need to look at their internal procedures and those of their suppliers again and find out how to stop these sort of things happening in the first place.”
All notified customers are being offered 12 months of identity monitoring services with a leading provider and customers have been urged to monitor their accounts for suspicious activity.
Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland reiterates that because even the best-run organisation is vulnerable to an attack, we all need to collectively ensure that we're doing everything possible to proactively prevent a hack from happening: “What is clear from this latest attack is that every organisation, be it public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind breaches are finding new and creative ways to bring an organisation to its knees.
“As attackers always have the initiative, even the best-run company could suffer from a hack or data theft. With GDPR in full force, companies need to be aware of all the channels cyber-criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard it. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must remain on the front foot to proactively identify and manage threats instead of waiting for breaches to happen.
“After all, cyber-crime is not a probability, it is an inevitability. It will be the way in which organisations prepares for it, however, that can make all the difference.”
Ross Brewer, VP and MD EMEA, LogRhythm said: "We've said it many times, but organisations really need to have tools in place that can identify anomalous activity from the outset. Threat detection tools such as User and Entity Behaviour Analytics (UEBA) are intelligent enough to know what is legitimate behaviour on the network and what is not, allowing businesses to shut down unauthorised access before any data has been compromised. However, to avoid a 'weakest link' scenario, organisations must also ensure that all third party suppliers share their attitude and commitment to data protection. This is particularly important when it comes to GDPR, as robust security standards must extend to any supplier that shares customer data. Compliance aside, failure to assess the security measures of suppliers can result in serious reputational damage, as most customers will ultimately place blame on the organisation itself."
Adenike Cosgrove, cyber-security strategist, EMEA, Proofpoint: "This breach underscores why enterprise security teams must have clear visibility into the third-party applications running within their environments and appropriately secure them as more and more organisations rely on cloud-based solutions to conduct operations worldwide. Best practice calls for organisations to deploy a Cloud Access Security Broker (CASB) solution that combines user-specific risk indicators with cross-channel threat intelligence to analyse user behaviour and detect anomalies in third-party apps. Without this, organisations simply don't know when users and corporate data are at risk."