Ticketmaster confirms data breach as 560million users data stolen

THE POPULAR concert booking site Ticketmaster has confirmed that it was investigating a data breach after a hacking group claimed they gained access to their customers’ data.

The data breach was caused by the ShinyHunters, which claimed to have stolen personal information belonging to 560 million customers who had bought tickets from the platform and its parent company Live Nation.

Details the hackers claim to have obtained include full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data, according to Hackread.

The hacking organisation released evidence of the hack on the dark web earlier this week, according to a screenshot widely shared on social media networks.

According to the post, the organisation has demanded a ransom payment of $500,000 (€460,550) as a “one-time sale”.

Ticketmaster, situated in California, operates one of the world’s major online ticket sales platforms.

Live Nation Entertainment, the parent company of Ticketmaster, stated in a filing with the US Securities and Exchange Commission that it had “identified unauthorized activity within a third-party cloud database environment.”

According to Ticketmaster’s public filing, the company first identified “unauthorized activity” on May 20, a week before the post on social media.

They said: “We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement.”

Ticketmaster added: “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations.

“We continue to evaluate the risks and our remediation efforts are ongoing.”

The Australian government announced on Thursday that it was investigating the hacking allegations, with the support provided by the FBI.

According to the US Department of Justice, the hacker group ShinyHunters rose to prominence between 2020 and 2021 after uploading massive amounts of client data from over 60 companies.

At the start of the year, a court in Seattle jailed Sebastien Raoult, a French computer hacker who was a member of ShinyHunters.

Following his guilty plea to conspiracy to commit wire fraud and aggravated identity theft, he was sentenced to three years in prison and compelled to pay over $5 million in restitution.

The US Department of Justice launched a significant antitrust action last week attempting to break up Live Nation Entertainment’s and its Ticketmaster subsidiary’s alleged monopoly in the live music industry.

HOLIDAY SCAM ALERT

Meanwhile, Irish holidaymakers have been urged to be cautious as it emerged nearly €100 million was stolen through frauds and scams last year.

The exact figure, €98.6m, is an increase of 16.4 per cent on 2022, according to a new report by FraudSMART.

The study revealed that card fraud accounted for 95 per cent of fraudulent transactions and 36 per cent, or €35.2m, of gross fraud losses in 2023.

Card usage by consumers and businesses rose significantly overall, with the Central Bank of Ireland (CBI) reporting a 28.8 per cent increase in debit and credit card payments in 2023.

Fraudulent card payments increased by 8.2 per cent, according to the data, which is based on FraudSMART members AIB, Avant Money, Bank of Ireland and PTSB.

The report also noted that other types of fraud had lower volumes but higher average losses.

Unauthorised electronic transfers accounted for only 3 per cent of the volume but 34 per cent (€33.8 million) of losses.

This type of fraud occurs when someone makes a payment through mobile or online banking, without the account holder’s authorisation or permission, often called ‘account takeover’. It usually results from the loss or theft of sensitive payment data such as a victim’s account number or PIN.

It also showed that consumers and businesses were scammed out of €18.1 million through authorised push payment (APP fraud).