Ticketmaster data breach confirmed, over 500 million customers possibly affected

Ticketmaster has notified customers about a suspected data breach, USA Today reported.

In May, Ticketmaster said it was investigating a data breach after a hacking group known as ShinyHunters claimed responsibility for stealing the information of more than 500 million Ticketmaster customers, the New York Times reported.

In the filing with the U.S. Securities and Exchange Commission, Ticketmaster’s parent company, Live Nation Entertainment, said it had “identified unauthorized activity within a third-party cloud database environment,” according to the Times.

The notices Ticketmaster sent to customers last week said “an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider” between April 2 and May 18, according to USA Today.

Customers then began posting the notices they received from Ticketmaster on social media.

Just got an email from Ticketmaster notifying users of a massive data breach via a “third party data services provider.” So in addition to their egregious business practices, they let their customers’ credit card information get hacked??! Truly unbelievable.

— Rachel Glickhouse (@Riogringa) June 28, 2024

Got a letter in the mail about the Ticketmaster data breach pic.twitter.com/zFVXYRYnFD

— ???? (@tzuslights) July 1, 2024

Awesome, just got an email from @Ticketmaster saying they’ve had a data breach.

So, not only are they screwing us with fees, our information is up for grabs. ???? pic.twitter.com/ShJjPeNiW6

— Trey Wallace (@TreyWallace_) July 1, 2024

ShinyHunters, the group allegedly behind the breach, is believed to have been formed around 2020, the NYT said, and its past victims have included Microsoft and AT&T, among dozens of other companies in the United States and elsewhere, according to federal prosecutors.

The group has marketed stolen data from over 60 companies in the U.S. and globally since early 2020, according to the U.S. Department of Justice, NPR reported.

The cyberattack follows a May 23 federal lawsuit by the Justice Department and 30 state and district attorneys against Live Nation alleging that it created a monopoly on live event ticket prices, according to NPR.

The Ticketmaster data breach was first revealed in a May 28 post on a forum called BreachForums, according to the NYT, where the group posted that it had the identifying information of 560 million Ticketmaster customers — including credit card numbers and ticket sales.

The asking price for the data, said to be 1.3 terabytes in size, was $500,000, the NYT said.

Ticketmaster users should monitor their credit and bank accounts for possible suspicious activity, the company said, according to USA Today.

The notice sent to customers said Ticketmaster is offering identity monitoring services through TransUnion, USA Today said, but customers must enroll within 90 days of receiving the notice.