Ticketmaster admits user data was stolen in breach
Ticketmaster has admitted 40,000 customers' personal information and credit card details have been stolen in a data breach.
The ticket sales website said in a statement that it was hit by "malicious software" on Saturday through a third-party supplier to Ticketmaster.
All customers the company believes were affected – less than 5% of its customer base – have been contacted and advised to change their password.
In a statement on their website, Ticketmaster added customers in North America were not affected.
The company offered 12 months free identity monitoring service to anyone whose details may have been stolen.
The statement said: "On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
"As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites."
It went on to say: "As a result of Inbenta's product running on Ticketmaster International websites, some of our customers' personal or payment information may have been accessed by an unknown third-party."
A spokesperson for the National Cyber Security Centre said they were aware of the incident and working with partners to understand what happened.
Ticketmaster added that it is working with relevant authorities, as well as credit card companies and banks, and had its own forensics teams and experts analysing the breach.
While the breach mainly affected UK customers, the company said those overseas were also being advised to change their passwords.
It said anyone who attempted to buy tickets between February and 23 June of this year, and international customers who bought or tried to buy tickets between September 2017 and 23 June 2018 could have been affected.
The software was running on Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb.
Affected data includes name, address, email address, telephone number, payment details and Ticketmaster login details.
Responding to the breach Leigh-Anne Galloway, a cyber security resilience expert at Positive Technologies, said: "Ecommerce merchants like Ticketmaster are a classic target, because of the valuable payment information they hold.
More from Science & Tech
"If you've used Ticketmaster, you should quickly change your passwords and closely monitor your bank account for suspicious activity.
"Personal data is sold on the internet in bulk, so if you use that password for any other sites you should also change those sites as well."