Ticketmaster on Wednesday disclosed a data breach reportedly caused by malware infecting a customer support system outsourced to an external company.
In a statement, Ticketmaster said some of its customer data may have been accessed by an unknown intruder. Email notifications were sent to customers who purchased tickets between February and June 23, 2018, the company said.
Names, addresses, email addresses, telephone numbers, and payment card details may have been compromised.
“Forensic teams and security experts are working around the clock to understand how the data was compromised,” the company said. “We are working with relevant authorities, as well as credit card companies and banks.”
Despite an apparent ongoing investigation, the company claimed Wednesday that less than 5 percent of its global customer base was affected. “Customers in North America have not been affected,” the company said.
The company said the breach occurred at Ibenta Technologies, a third-party supplier hosting a Ticketmaster customer support product. According to Ibenta’s website, the company provides an AI chat-based support agent able to reply to customer questions when live staff are unavailable.
An attempt to reach an Ibenta spokesperson by phone was unsuccessful.
This is the second breach in less than a month affecting online ticket retailers. In late May, Ticketfly revealed a breach that it later said impacted “approximately 27 million” customer accounts.
Ticketmaster said it learned of the incident on Saturday, June 23, and immediately disabled the Ibenta product across all of its websites. When customers next login to Ticketmaster, they’ll be asked to reset their passwords.
Ticketmaster also said it will offer free identity monitoring services to any customers impacted by the breach and has recommended customers monitor their account statements for any evidence of fraud.