In 2018, Ticketmaster admitted to a huge data protection breach. As a result of the privacy violation, hackers exploited poor security at the company to steal customer names, home addresses, email addresses, phone numbers, payment details and login details.
These details can be used by cybercriminals to commit further crimes – including data theft and financial fraud. Indeed following the breach, several Ticketmaster customers experienced fraudulent activity on their accounts.
The breach happened after a supplier to Ticketmaster was infected with malicious software while having access to the Ticketmaster website. The infringement also affected customers of TicketWeb and the resale website Get Me In! Both of which are owned by Ticketmaster.
In 2020, the ICO fined Ticketmaster £1.25 million for failing to protect customer payment details. But this money will not be given to victims of the breach. The only way to get Ticketmaster data breach compensation is to make a claim.
At Keller Lenkner UK, we have launched a Ticketmaster data breach group action to help victims claim compensation and achieve justice. But many people still do not know if their personal data was involved in this privacy violation.
Our expert data protection lawyers explain how to find out if Ticketmaster breached your data, as well as answering some of the other frequently asked questions in this case.
How would I know if Ticketmaster breached my data?
To join our claim against Ticketmaster, you need evidence that your personal information was involved in the data breach. Ticketmaster has emailed those affected, informing them that their data was put at risk. Everyone who received this email can claim compensation.
However, in some cases, victims of the Ticketmaster breach may not have received an email. For example, it might have gone into your spam folder and been automatically deleted. If this is the case, you will need to supply alternative evidence (e.g. confirmation that proves that you purchased, or attempted to buy, tickets between February and 23 June 2018).
How can I get evidence that Ticketmaster breached my data?
If you have not received confirmation about your involvement (or of you have lost this evidence), but suspect your information was breached, you can ask Ticketmaster if you were put at risk. This is called making a subject access request (SAR).
In the UK, you can ask any organisation if your data was involved in a breach and a copy of this information should be provided free of charge. This is a legal right, and you can complain to the ICO if Ticketmaster does not provide the information you have asked for.
What other evidence will you ask for?
As well as evidence that you purchased or attempted to buy, tickets between February and 23 June 2018, we will ask for:
- Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets with. Although you do not need this to claim.
- Evidence of any emotional distress suffered because of this breach. Although you do not need this to claim.
- Confirmation that, as far as you are aware, your card was not put at risk by another data breach.
What should I look out for if I suspect I might have had my details stolen in this breach?
Signs that criminals have used your data following the Ticketmaster security breach include:
- bills or emails showing goods or services you haven’t ordered
- unfamiliar transactions from your account
- an unexpected dip in your credit score
- an increase in spam and unsolicited communications
- phishing attempts that ask for your personal data or refer you to a web page asking for personal data.
What are the different types of data breaches in this case?
- Financial information stolen and used. According to the ICO, 60,000 payment cards belonging to Barclays Bank customers were subjected to known fraud which related to the breach, and Monzo Bank replaced another 6,000 cards on suspicion of fraudulent use.
- Financial information stolen. Many of those affected by the Ticketmaster data breach will have had their financial details stolen but not used (at least not yet).
- Email address stolen. Many people had their email addresses stolen in the Ticketmaster hack. If your email account has been hacked the consequences could be devastating. Not only does it give hackers access to lots of private data about you, but it also gives them a gateway into resetting passwords and accessing additional account information (such as your financial and social media accounts).
- Other personal information stolen. In addition to financial information and email addresses, the Ticketmaster hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake fraud.
Am I at risk if Ticketmaster breached my data?
Unfortunately yes, cybercriminals could use the details stolen in the Ticketmaster data breach to commit further harm (e.g. in phishing attempts). Furthermore, because of this breach, many customers were forced to change their bank accounts or credit cards while others experienced theft, fraud, and emotional damage.
A year after the Ticketmaster security breach:
- many of our clients have suffered multiple fraudulent transactions on their payment cards
- a number of all clients have suffered from distress and/or psychological trauma.
Who can make a claim for the Ticketmaster data breach?
The data breach affects Ticketmaster, TicketWeb and the resale website Get Me In!
Customers living in England and Wales who purchased, or attempted to buy, tickets via these sites between February and 23 June 2018 may have had their data stolen and if so, can make a claim with Keller Lenkner UK (as long as they have evidence to prove their involvement).
Can I make a claim if I have not lost any money?
Yes, it does not matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.
Will victims of the data breach get some of the ICO fine?
In 2020, the Information Commissioner’s Office (ICO) fined Ticketmaster £1.25 million for failing to protect customer payment details. However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation, so this money will not be given to victims of the breach. The only way to get Ticketmaster data breach compensation is to make a claim.
Who is responsible for the Ticketmaster data breach?
Ticketmaster was negligent in safeguarding your data due to insufficient security systems. Just because it was a victim of a crime does not mean it is any less liable. To make matters worse, digital bank Monzo warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. However, in responding to the bank’s concerns, Ticketmaster said that: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”
Is this claim likely to be successful?
We cannot say for sure, but we believe that we have a strong case. Especially as the ICO has already found Ticketmaster guilty of failing to put appropriate security measures in place to prevent a cyber-attack.
How do I make a data breach claim?
To join our Ticketmaster data breach group action compensation claim you need to register with us. It is vital to sign up ASAP to ensure you do not miss out.
Keller Lenkner UK is the only law firm actively litigating this case in the UK at the time of this fine.
Our first multi-claimant action is being heard in the High Court. But, because of the number of people affected by the Ticketmaster data breach, we are now registering people who are interested in the outcome of our initial action, and who might want to progress a further claim against Ticketmaster.