What You Need to Know about the Ticketmaster Data Breach

Ticketmaster is an American ticket sales and distribution company that provides services for event organizers, venues, and fans. Initially founded in 1976, it merged with Live Nation in 2010 (under the name Live Nation Entertainment) and is considered one of the largest ticket sellers in the world. Given the nature of its business, Ticketmaster handles a large amount of sensitive information, including customers' personal data, payment information, and event details. This makes it a potential target for cyberattacks. Over the years, Ticketmaster has experienced several security breaches, like the 2018 hack attack that compromised the data of over 40,000 UK customers who purchased tickets between February and June of that year. 

In May 2024, Ticketmaster experienced its most significant data breach, impacting approximately 560 million users and compromising customer names, addresses, phone numbers, email addresses, order information, and ticket sales information. The incident, which has been linked to a more extensive series of cyberattacks targeting multiple organizations (allegedly through a compromised third-party service provider), has raised concerns about the security of cloud storage services and the importance of robust cybersecurity measures.

When Was the Ticketmaster Data Breach?

The Ticketmaster data breach was first detected on May 20, 2024, when the company identified unauthorized activity within a third-party cloud database environment. About a week later, a hacker group known as ShinyHunters started offering the company’s data on the dark web. The data on sale allegedly included 560 million customers’ full details (names, addresses, email addresses, and phone numbers), credit card details, ticket sales information, event information, and order details. 

In a Form 8-K filed with the SEC, Live Nation Entertainment (Ticketmaster’s parent company) acknowledged the breach, stating that it was notifying users and regulatory authorities and also working to mitigate risks to its users. However, the company did not name the third-party cloud database host provider in this statement. 

While several sources have pointed to Snowflake as the third-party host of the breached database and linked this incident to a series of recent data breaches (most involving ShinyHunters), Snowflake has asserted that there was no data breach of its own systems. According to Snowflake, these breaches were due to its customers failing to adequately secure their accounts using multi-factor authentication (even though it doesn’t enforce or require its customers to enable this security measure by default).

How to Check If Your Data Was Breached

In acknowledging the data breach, Ticketmaster noted that it would inform users whose personal information was impacted by the incident. To determine if your data was compromised in the Ticketmaster breach, you should keep an eye out for emails and notifications from the company, as they are likely to contact affected users directly. You can also log into your Ticketmaster account, look for any suspicious activity or unauthorized changes, and use a third-party data breach notification service to determine if your email address or personal information has been involved in this or other breaches.

What to Do If Your Data Was Breached

You should take the following steps if you discover that your data was compromised by the Ticketmaster breach (you should also consider taking them if you are on the fence about being impacted by this incident):

• Change your Ticketmaster password and any other accounts that use the same password.
• Enable two- or multi-factor authentication (2FA or MFA) on any accounts that allow this (doing so adds an extra layer of security). 
• Closely monitor your bank and credit card statements and keep an eye out for any unusual transactions. 
• Consider enrolling in a credit monitoring service to receive alerts about any suspicious activity involving your personal information.
• Report any fraudulent activity you detect to the relevant financial institutions and credit bureaus immediately. 
• Regularly check for updates or instructions from Ticketmaster on recommended actions to take (or additional security incidents). 

Are There Any Lawsuits Because of the Data Breach?

It is still early to determine the full legal repercussions of the Ticketmaster data breach. Nevertheless, data breaches of this magnitude often lead to class-action lawsuits from affected customers. These lawsuits typically seek compensation for damages resulting from the incident and aim to hold the company accountable for failing to protect user data adequately.

Can My Ticketmaster Information Be Used for Identity Theft?

Yes, the information stolen in the Ticketmaster data breach can be used for identity theft. Although full payment card details were not exposed, the compromised data includes names, addresses, phone numbers, and email addresses, which are sufficient for criminals to carry out various types of fraud, including phishing attacks, SIM swapping, and other forms of identity theft. 

What Can You Do to Protect Yourself Online?

Attending concerts, sports events, and theater performances is a beloved pastime for many, and services like Ticketmaster have made securing tickets more convenient than ever. However, the ease of booking events and purchasing tickets online also comes with the risk of exposing your personal information to bad-faith actors if you aren’t careful. To protect yourself and minimize the risk of falling victim to cyber criminals, adopting a proactive and vigilant approach when performing transactions online is essential. Here are some key steps to enhance your online security when using Ticketmaster and other similar platforms:

• Avoid using the same password for multiple accounts. Consider using a password manager to generate and store complex passwords and enable two- or multi-factor authentication wherever possible.
• Be cautious of unsolicited emails and messages, especially those asking for personal information or containing suspicious links.
• Regularly check your financial and online accounts for any unusual activity.
• Ensure your computer and mobile devices have up-to-date security software and operating systems.
• Stay informed about the latest cybersecurity threats and best practices for protecting your personal information. A good way to do this is to sign up for IDStrong's free cybersecurity newsletters and data breach alerts.