TEG’s Ticketek suffered a major data breach over the past week, affecting millions of Australian customers.
According to the ticketing company, a “cyber incident” occurred, where hackers gained access to users’ account information — which was stored in a cloud-based platform, hosted by a third party supplier. Ticketek notified the Australian Cyber Security Centre, the National Office of Cyber Security, and the Office of the Australian Information Commissioner.
User information stolen includes full names, dates of birth, and email addresses.
Ticketek emailed affected customers, noting that Ticketek has “secure encryption methods in place” and customers’ Ticketek accounts have “not been comprised.” The company assured that secure encryption is used to handle credit card information and does not hold identity documents for its customers.
“Our third party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing this investigation, so that we can communicate with you as quickly as possible,” Ticketek said in the email.
The news follows another major data breach last week from U.S.-based ticketing giant Ticketmaster, owned by Live Nation. During the breach, the “hacker” group ShinyHunters has claimed it has cracked the Ticketmaster system and accessed some 1.3 terabytes of data, which includes names, addresses, credit card numbers, phone numbers, and payment details, involving 560 million customers globally. The information is said to be up for sale on the dark web, with an asking price of $500,000.
While it is unclear which markets were impacted in the hack, or what percentage of consumers impacted are from what markets, the risk for any impacted consumer is very high, given the highly sensitive data that appears to be involved.
On Thursday, the online platform VX-Underground — which is described as the largest collection of malware source code, samples, and papers on the internet — said they spoke to multiple individuals “privy to and involved in” the alleged Ticketmaster breach. These individuals claimed the hack took place in April by an unidentified “threat group,” defined as one that intends to cause harm to the cyber realm.
While this wouldn’t be the first time Ticketmaster suffered a data breach, this hacker claim would be among the largest ever reported.
