More has emerged – slowly – about the Ticketmaster hack that compromised the personal details of over 560 million customers. Remember the first anyone heard of the hack was from the hackers – ShinyHunters – not from Ticketmaster – when they were attempting to sell the stolen data online. Ticketmaster then told its shareholders of the data theft. It is still a bit vague exactly what information the threat actors have stolen – Ticketmaster has not categorically confirmed this yet.
Customers in North America have been advised to take action – “be vigilant and take steps to protect against identity theft and fraud.” In some circumstances is paying for affected customers to sign up to idenity theft protection services.
Ticketmaster hack: Customers told to sign up to security service – BBC News
Watch out for those phishing emails!
Ticketmaster has also advised their customers, in an email, to watch out for suspicious emails that appear to be from them.
This is always going to be hard one, when trying to deal with the fallout from a cyber security breach – you want to warn your stakeholders they may phishing emails because of your breach, but you have to use email to inform them. A no win situation.
How did this happen?
It has confirmed that its systems were compromised, following the theft of data from a third-party – Snowflake – a cloud storage company that Ticketmaster was working with.
Your Takeaway
The first thing is to have a Cyber Security Response Plan ready before the event. I have written about that here:
Ransomware – The Impact – CyberAwake
As part of that plan make sure you assess your third-party suppliers – although Snowflake had an international reputation before this event. I am always suspicious of suppliers that refer to themselves as partners to my clients, when in reality they are simply selling them a service.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Do you use Ticketmaster for your events? | Smart Thinking Solutions