Ticketmaster is alerting customers one by one in the U.S., Mexico and Canada about a data breach affecting account holders’ personal information, banking details and encrypted credit cards.
In the “notice of data breach” email and an online post headlined “Ticketmaster Data Security Incident,” Ticketmaster says the unauthorized activity took place between April 2 and May 18.
The company said it learned on May 23 of the breach on “an isolated cloud database hosted by a third-party data services provider.” The company did not disclose the name of that third-party vendor.
The New York Times in May reported in late May that the breach by the hacker group ShinyHunters affected more than 500 million Ticketmaster customers.
The company said the breach affected customers’ basic information, including their name, date of birth, banking information and credit card numbers and expirations dates. The company did not disclose in the email or its notice how many customers were part of the breach.
“We take data protection very seriously and have been working with the relevant authorities, including law enforcement, as well as credit card companies and banks,” Ticketmaster stated in its online post.
The company said its accounts “remain secure.”
Ticketmaster said that if customers had not received a letter by email or first-class mail, they likely were not among those affected by the data breach. It recommends customers who did get a letter or email monitor their banking records, change their passwords and consider a year’s worth of free “identity” monitoring.
Related links
Justice Department preparing Ticketmaster antitrust lawsuit
Ticketmaster antitrust probe deepens with new document requests
The state of ticket-buying is in flux as bots and third-party sellers enrage music fans
California lawmakers attempt crackdown on hidden fees
Taylor Swift ticket trouble could drive political engagement
The same day Ticketmaster was learning about the data breach, the U.S. Department of Justice and 30 state and district attorneys general filed an antitrust lawsuit against the company and its and parent, Live Nation Entertainment. The sweeping suit accused the companies of running an illegal monopoly over live events in America — squelching competition and driving up prices for fans.
The lawsuit is looking to break up the alleged monopoly the government argues is hurting smaller promoters, artists and fans.
Live Nation has long denied violating antitrust laws and on May 23 that the lawsuit “won’t solve the issues fans care about relating to ticket prices, service fees, and access to in-demand shows.”
Ticketmaster merged with Live Nation in 2010, becoming the world’s largest ticket seller.
In recent weeks, more details came to light about another big breach affecting AT&T customers.
A cyberattack in 2022 on the telecommunications giant exposed records from “nearly all” of its customers, the company said July 12. The breach did not compromise the content calls or texts, according to AT&T.
“We have taken steps to close off the illegal access point,” AT&T said in a statement. The company said it was working with law enforcement to identify anyone involved, and one person had been arrested.
The data that was compromised included files containing records of calls and texts from more than 100 million wireless and landline customers from May 2022 through October 2022. Records from Jan. 2, 2023 also were breached for a small number of customers, the company said, though it wasn’t specific.
The Associated Press and New York Times contributed to this report.