Ticketmaster UK has notified tens of thousands of customers that they might be at risk for identity theft and credit card fraud due to a data breach, potentially affecting anyone who bought concert, theater, or sporting event tickets between February 2018 and June 23, 2018, The Guardian reports.
On June 23, Ticketmaster detected malware on a customer support tool hosted by Inbenta Technologies exporting UK customer data (names, physical and email addresses, phone numbers, payment details, and Ticketmaster logins) to an unknown party. Less than 40,000 of its reported 230 million global customers were compromised in the incident, it says.
However, Ticketmaster could come under fire for not disclosing the breach sooner. Monzo, a digital bank, first spotted customers' cards being misused in April and figured out all those affected had shopped at Ticketmaster. Monzo claims it notified Ticketmaster but couldn't get a response. It told customers who had purchased through the site to replace their cards and watch for fraudulent activity from sites including Uber, Netflix, and Xendpay.
Jeannie Warner, security manager at WhiteHat Security, says businesses can prevent third-party software breaches by working with stakeholders to establish vendor security standards, and then communicating those standards to vendors and regularly monitoring vendors' security.
"Educate them, answer their questions, and get their commitment to meeting the standards," she explains. "Establish a timeline to make them achieve compliance, if they are not already compliant."
Read more details here.
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.