The threat group ShinyHunters claims to have captured 1.3 terabytes of Ticketmaster customer data, with payment information allegedly included, and the group is threatening to release the personal data unless a ransom of $500,000 is paid.

“560 million customers full details (name, address, email, phone),” ShinyHunters said in its post. “Ticket sales, event information, order details.” The dataset is said to contain payment information too, including cardholder names, the last four digits of credit card numbers and expiration dates.

ShinyHunters claims “much more” is included but did not provide further details. A sample has been published as proof of possession of the data.

Ticketmaster has not yet made an official statement about the incident.

According to Hackread, ShinyHunters has not received a response from the often-reviled ticketing company despite attempts to contact them. A spokesperson from the Australian Department of Home Affairs told ABC News that the agency is investigating the incident in cooperation with Ticketmaster.

ShinyHunters is run by one of the administrators of the notorious hacker forum Breachforums and has been linked to numerous high-profile hacking incidents in the past.

John Bambenek, president of Bambenek Consulting, said the good news is that some of the more sensitive information, including full card numbers, hasn’t been stolen, so this could likely be used for targeted phishing. “This is why the price of the database is so small compared to the number of records,” he explained.

Theoretically, large databases should be easier to secure as behavioral analytics, when deployed correctly, should detect and intervene when large numbers of records are accessed. “It should be easier to spot 500 million records leaving the door than 500,” Bambenek said.

Ani Chaudhuri, CEO of Dasera, said securing large datasets requires a comprehensive and dynamic data security posture management approach. “Organizations can manage the complexity and risks associated with large data landscapes by focusing on visibility, classification, encryption, continuous monitoring, and efficient integration,” he said.

This proactive stance protects sensitive information and, as a bonus, builds trust with customers and stakeholders, ensuring long-term data integrity and security.

Chaudhuri said while current encryption and data protection technologies are essential, they could be more foolproof–the Ticketmaster breach highlights the need for continuous improvement.

“Companies should adopt data security platforms and zero-trust architecture, where data is discovered, classified, and managed with an automated policy engine, and every access request is thoroughly vetted,” he said. “Regular updates and patches to software and systems are non-negotiable.”

(Additional) Reputational Damage Likely

Narayana Pappu, CEO at Zendata, recommended that affected Ticketmaster customers should closely monitor their email for new account creations and track credit/debit cards for transactions. “Create a pin with cell phone providers to protect against SIM swaps,” he added.

Pappu noted Ticketmaster has a significant market share of the ticket sale market, and incidents like this can have a significant long-term impact. “In the past, breaches have led to companies losing market share to key competitors,” he said. “The Ashley Madison and Equifax breaches are a couple of examples.”

Chaudhuri predicted the long-term impact of such a breach on Ticketmaster’s reputation and customer trust would be profound. To regain credibility, he said, Ticketmaster should be transparent about the breach, its impact, and the steps to prevent future incidents. “Offering support services like credit monitoring to affected customers can help rebuild trust,” he said.

A comprehensive review and overhaul of the company’s cybersecurity infrastructure, communicated openly to the public, would also demonstrate their commitment to safeguarding customer data.

Ticket to Hide

Ticketmaster is the company customers love to hate, thanks to its high service fees, customer service issues, a monopoly stranglehold on the market, bots scooping Swiftie tickets, a general lack of transparency—oh, and dynamic pricing.

It has also been the victim of data breaches in the past.

Back in 2018, Ticketmaster UK revealed the theft of personal data for more 40,000 of its UK customers to a website credit card skimming campaign called Magecart that has so far in total victimized 800 online merchants and counting.

Less than a year later, the company made headlines following another hack attack, and the company received a 1.25 million GBP fine from the Information Commissioner’s Office (ICO) for the 2018 data breach.

Data Breaches Impact Major Corporations

Ticketmaster is far from the only major corporation to suffer from a massive data breach—although the 560 million customers impacted places it comfortably in the upper echelons of the largest data breaches of all time. 

Tech giant Dell issued a notice earlier this month concerning a May 9 data breach, which reportedly affected more than 49 million customers worldwide.

Verizon’s latest Data Breach Investigations Report (DBIR) highlighted a three-fold increase in vulnerability exploitation as a primary method for initiating data breaches.

This aligns with Nuspire’s Q1 2024 Threat Landscape Report, which found a 52% rise in attempted exploits, suggesting a trend of hackers increasingly targeting software vulnerabilities in public-facing web apps as entry points into networks.

On a smaller scale but focusing on potentially more lucrative targets, a cyberattack by Ransomhub on Christie’s Auction House recently compromised the sensitive data of 500,000 customers.

Photo credit: Editor’s sadly unused 2011 World Series tickets (because, hey, it’s tickets)