Ticketmaster has confirmed it has been the victim of a data breach.
The ticket sales company said in a statement that it had identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
As a result, some of the company’s customers’ personal or payment information may have been accessed by an unknown third party.
The statement said: “As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.
“Less than 5% of our global customer base has been affected by this incident. Customers in North America have not been affected.”
The firm has contacted those affected by the incident, warning that UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected, as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018.
“If you have not received an email, we do not believe you have been affected by this security incident based on our investigations,” it said.
“Forensic teams and security experts are working around the clock to understand how the data was compromised. We are working with relevant authorities, as well as credit card companies and banks.”
Impacted customers are being offered a free 12-month identity monitoring service with a leading provider.
Commenting on the breach, industry expert Sven Dummer, Director at Janrain, said: “The Ticketmaster data breach, assumedly caused by malware on the systems of third-party supplier Inbenta, illustrates how vitally important it is for companies to not only step up the security measures to protect personal data, but also to be fast and efficient when it comes to notifying authorities and impacted customers.
“The EU’s new data protection regulation, GDPR, requires companies to inform customers within 72 hours after the discovery of a breach, and for good reason. Time is of the essence here. The more time bad actors have to abuse and exploit stolen data, the higher the risk that real damage is done to real people — with potentially significant impact on their financial, professional and personal safety.”