5 Seconds to Summer (image from Ticketmaster)
Ticketmaster was warned in April that it had been the victim of a hack attack, digital bank Monzo has claimed. Ticketmaster had previously said it did not know about the breach until June and had then acted quickly to inform “all relevant authorities”.
It has been contacted for comment.
But in an article published on its website, Monzo said it had replaced the bank cards of about 50 of its customers who had, on 6 April, reported fraudulent transactions.
And during the subsequent investigation, its financial crime and security team had noticed about 35 of them had used their cards with Ticketmaster in the previous five months.
In the following two weeks, Monzo said, it had seen eight more compromised cards, six of which had been used at Ticketmaster.
“Given the pattern that was emerging, we decided to reach out to Ticketmaster directly,” said Natasha Vernier, head of financial crime at Monzo.
“On Thursday 12 April, members of the Ticketmaster security team visited the Monzo office so we could share the information we had gathered.
“They told us they would investigate internally.”
The cause of the breach, which the BBC understands has affected up to 40,000 UK users, appears to be a customer-service chatbot employed by third-party Inbenta Technologies.
Over the next week, Monzo had found another nine cards had been used fraudulently and all of them had been used to make Ticketmaster transactions, it said.
Later that month, without naming the company, the bank sent out 6,000 replacements cards to customers who had used their cards at Ticketmaster.
“Throughout this period, we were in direct contact with Ticketmaster,” said Ms Vernier.
“On Thursday 19 April, they told us an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.
She added she was now “glad to see that Ticketmaster has shared the information publicly”.
“It’s incredibly important that companies always work together to protect customers and we’ll always work hard to make sure this is the case,” she said.
Tony Pepper, chief executive office of security company Egress, said: “There are going to be a few eyebrows raised this morning about this breach and when Ticketmaster discovered it.
“Clearly data was at risk for some time and apparently Ticketmaster had been alerted to the issue.
“It is going to be interesting to see how the ICO [Information Commissioner’s Office] reacts when they get to the bottom of this, given the emphasis now placed on data breach reporting and reflected in the changes made under the GDPR [General Data Protection Regulation].”
The ICO said its inquires were “ongoing”.
https://www.bbc.com/news/technology-44642567
[Thank you to Alex Teitz, http://www.femmusic.com, for contributing this article.]