fbpx

Ticketmaster Data Breach

Compensation Claims

The Ticketmaster data breach affects up to 40,000 people.

Are you one of them?

If so, our group action can help.

Get justice for the Ticketmaster data breach

 

The Ticketmaster data breach affects up to 40,000 people who bought tickets between February 2018 and 23 June 2018.

The details stolen by cybercriminals included:

  • customer names
  • home addresses
  • email addresses
  • phone numbers
  • payment details
  • Ticketmaster login details.

All of these can be used by cybercriminals to commit further crimes.

Ticketmaster has been fined £1.25 million by the Information Commissioners Office (ICO) for failing to protect customers’ payment details. But none of this fine will go to victims of the Ticketmaster data breach. 

Keller Lenkner UK has launched a group action against Ticketmaster. Group actions can be a powerful tool and can have a bigger impact than a single claim.

IF YOU HAVE BEEN AFFECTED BY THE TICKETMASTER DATA BREACH, WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION.

Why claim Ticketmaster data breach compensation?

Hold Ticketmaster to account for failing to protect your private information.

 

Receive financial compensation for your losses.

 

Force companies to implement better data security.

The consequences of the Ticketmaster data breach are significant

A year after the Ticketmaster security breach:

  • many of our clients have suffered multiple fraudulent transactions on their payment cards
  • a number of all clients have suffered from distress and/or psychological trauma.

Signs that criminals have used your data following the Ticketmaster security breach include:

  • bills or emails showing goods or services you haven’t ordered
  • unfamiliar transactions from your account
  • an unexpected dip in your credit score
  • an increase in spam and unsolicited communications
  • phishing attempts that ask for your personal data or refer you to a web page asking for personal data.
JOIN THE KELLER LENKNER UK DATA BREACH GROUP ACTION TO GET THE JUSTICE YOU DESERVE.

Talk to our expert data breach lawyers today on 0151 459 5850

Ticketmaster Data Breach Timeline

  • February to 23 June 2018
    Some people who bought, or attempted to buy, tickets through Ticketmaster, GetMeIn! and TicketWeb had their personal information compromised in a cyber-attack.
  • 12 April 2018
    Monzo contacted Ticketmaster with concerns over fraudulent activity in customer accounts who’d used Ticketmaster. Ticketmaster’s security team said it would investigate the issue.
  • 19 April 2018
    Tickemaster told Monzo that there was no evidence of a breach. Monzo began proactively sending out replacement cards to current account customers who had used their cards at Ticketmaster.
  • 25 May 2018
    The General Data Protection Regulation (GDPR) came into force with strict fines for companies that fail to protect customer information. This is important as the Ticketmaster data breach falls between the old and new legislation.
  • 23 June 2018
    Ticketmaster identified malicious software on a customer support product run by third-party supplier.
  • 27 June 2018
    Ticketmaster notified customers that malware had infected one of its systems and could have skimmed their personal data, including payment details.
  • 13 November 2018
    ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details.

Latest News

Ticketmaster App

Find out if Ticketmaster breached your data

Ticketmaster knows exactly who was impacted by this data breach. All you must do to find out if your details were exposed is to ask Ticketmaster if you were involved. This is called making a data subject access request (DSAR/SAR).

Read More »
Concert

5 things you should know about the Ticketmaster data breach

The Ticketmaster data breach affects up to 40,000 people who bought tickets online between February 2018 and 23 June 2018. Ticketmaster has been found culpable for the violation and fined £1.25 million by the Information Commissioners Office (ICO) for failing to protect its customers’ payment details. And, in response, Keller Lenkner UK has launched a group action against Ticketmaster. But what do you need to know about this case?

Read More »

WHAT IS A GROUP ACTION?

 

Find out more about making a group action claim for compensation against Ticketmaster.

WHAT DOES NO-WIN, NO-FEE MEAN?

 

What does no-win, no-fee actually mean and are there really no costs if you appoint us?

Why use Keller Lenkner UK to make a data breach, GDPR violation, or cybercrime claim?

JOIN OUR NO-WIN, NO-FEE TICKETMASTER GROUP ACTION

Your questions answered

 

See our answers to the FAQs we get asked about the Ticketmaster Data Breach.

FAQs about the Ticketmaster data breach

What happened in the Ticketmaster data breach?

In June 2018, Ticketmaster admitted to a huge data protection breach. The breach happened after a supplier to Ticketmaster was infected with malicious software while having access to the Ticketmaster website. The breach also affected customers of TicketWeb and the resale website Get Me In! Both of which are owned by Ticketmaster.

To make matters worse, it appears that there was a delay in disclosing the breach, after it was revealed that some UK banks knew about the incident in early April 2918.

The data hack involved both personal and payment information. This data can be used to carry out data theft and financial fraud. The data stolen includes names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.

Following the breach, a number of Ticketmaster customers saw fraudulent transactions debited from their accounts.

In November 2020, the ICO fined Ticketmaster UK Limited £1.25 million for failing to protect customers’ payment details

 

What information was stolen?

The data hack involves both personal and payment information which can be used to carry out data theft and financial fraud. The data stolen includes names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.

How would I know if Ticketmaster breached my data?

To join our claim against Ticketmaster, you need evidence that your personal information was involved in the data breach. Ticketmaster has emailed those affected, informing them that their data was put at risk. Everyone who received this email can claim compensation.

However, in some cases, victims of the Ticketmaster breach may not have received an email. For example, it might have gone into your spam folder and been automatically deleted. If this is the case, you will need to supply alternative evidence (e.g. confirmation that proves that you purchased, or attempted to buy, tickets between February and 23 June 2018).

How can I get evidence that Ticketmaster breached my data?

If you have not received confirmation about your involvement (or of you have lost this evidence), but suspect your information was breached, you can ask Ticketmaster if you were put at risk. This is called making a subject access request (SAR).

In the UK, you can ask any organisation if your data was involved in a breach and a copy of this information should be provided free of charge. This is a legal right, and you can complain to the ICO if Ticketmaster does not provide the information you have asked for.

The ICO has published a handy template for individuals who want to make a SAR.

What other evidence will you ask for?

As well as evidence that you purchased or attempted to buy, tickets between February and 23 June 2018, we will ask for:

  • Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets with. Although you do not need this to claim.
  • Evidence of any emotional distress suffered because of this breach. Although you do not need this to claim.
  • Confirmation that, as far as you are aware, your card was not put at risk by another data breach.
What should I look out for if I suspect I might have had my details stolen in this breach?

Signs that criminals have used your data following the Ticketmaster security breach include:

  • bills or emails showing goods or services you haven’t ordered
  • unfamiliar transactions from your account
  • an unexpected dip in your credit score
  • an increase in spam and unsolicited communications
  • phishing attempts that ask for your personal data or refer you to a web page asking for personal data.
What is happening with the investigation?

The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).

What are the different types of data breaches in this case?
  • Financial information stolen and used. According to the ICO, 60,000 payment cards belonging to Barclays Bank customers were subjected to known fraud which related to the breach, and Monzo Bank replaced another 6,000 cards on suspicion of fraudulent use.
  • Financial information stolen. Many of those affected by the Ticketmaster data breach will have had their financial details stolen but not used (at least not yet).
  • Email address stolen. Many people had their email addresses stolen in the Ticketmaster hack. If your email account has been hacked the consequences could be devastating. Not only does it give hackers access to lots of private data about you, but it also gives them a gateway into resetting passwords and accessing additional account information (such as your financial and social media accounts).
  • Other personal information stolen. In addition to financial information and email addresses, the Ticketmaster hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake fraud.
What happened in the Ticketmaster chatbot breach?

In this case, it seems that the breach was caused by a Chatbot installed on Ticketmaster’s systems. This chatbot was provided by a third-party. But we strongly believe that Ticketmaster was negligent in safeguarding your data due to insufficient security systems at the company.

Furthermore, just because Ticketmaster was a victim of a crime does not mean it is any less liable. They delay in reporting this issue makes the company’s failure even more severe.

In November 2020, the ICO fined Ticketmaster UK Limited £1.25 million for failing to protect customers’ payment details

Is Ticketmaster now safe?

Following the breach, Ticketmaster said that it was working with the relevant authorities, as well as credit card companies and banks. After the breach it also said that “forensic teams and security experts are working around the clock” to understand how data was compromised.

However, even if the platform is now safe, the data stolen in this breach is still vulnerable.

Am I at risk if Ticketmaster breached my data?

Unfortunately yes, cybercriminals could use the details stolen in the Ticketmaster data breach to commit further harm (e.g. in phishing attempts). Furthermore, because of this breach, many customers were forced to change their bank accounts or credit cards while others experienced theft, fraud, and emotional damage.

A year after the Ticketmaster security breach:

  • many of our clients have suffered multiple fraudulent transactions on their payment cards
  • a number of all clients have suffered from distress and/or psychological trauma.
Can I make a claim against Ticketmaster?

The data breach affects Ticketmaster, TicketWeb and the resale website Get Me In!

UK customers who purchased, or attempted to buy, tickets between February and 23 June 2018 may have had their data stolen, as well as international customers who purchased, or tried to purchase, tickets between September 2017 and 23 June 2018.

Following the data breach, Ticketmaster emailed those affected, informing them that their data was put at risk. Everyone who has received this email can claim compensation.

If you are a Ticketmaster, Get Me In or TicketWeb user and you haven’t received an email make sure that you check your junk mail folder.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Can I make a claim if I have not lost any money?

Yes, it does not matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation

Who does the ICO fine go to?

Any money received by the ICO goes back to the Treasury, not victims of the data breach. The only way UK victims of the Ticketmaster data breach can get compensation for any harm and/or distress experienced is to take legal action.

Will victims of the data breach get some of the ICO fine?

In 2020, the Information Commissioner’s Office (ICO) fined Ticketmaster £1.25 million for failing to protect customer payment details. However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation. The only way UK victims of the Ticketmaster data breach can get compensation for any harm and/or distress experienced is to take legal action.

If I make a claim, will I put Ticketmaster out of business?

Some people are wary about making a data breach claim because they do not want to harm the organisation that breached their data. However, in a world that is increasingly digital, cyber-attacks are going to happen, so organisations such as Ticketmaster usually take out insurance to cover the risk of cybercrime. As such, people should feel confident holding Ticketmaster to account for this appalling data protection failure.

Why are you making this claim now?

In 2020, the Information Commissioner’s Office (ICO) found Ticketmaster guilty of failing to protect customer payment details. As in most data breach cases, we officially launched our claim after the ICO's decision was made public. Not only do we use evidence uncovered by the ICO to support our group action cases, but we also know from experience that organisations found guilty by the ICO are more likely to settle, or be made to pay compensation by the Court.

How much does it cost to make a Ticketmaster claim?

We are taking on all Ticketmaster claims on a no-win, no-fee basis.

Who is responsible for the data breach?

Ticketmaster was negligent in safeguarding your data due to insufficient security systems. Just because it was a victim of a crime does not mean it is any less liable. To make matters worse, digital bank Monzo warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. However, in responding to the bank’s concerns, Ticketmaster said that: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

Is this claim likely to be successful?

We cannot say for sure, but we believe that we have a strong case. Especially as the ICO has already found Ticketmaster guilty of failing to put appropriate security measures in place to prevent a cyber-attack.

Ticketmaster has offered me free security software, can I still claim?

As is common in such cases, victims of the Ticketmaster data breach were offered some free services to reduce their risk following the hack. This included free security software. If you are offered any such free services, it’s vital that you know your rights before you sign up. Make sure you are not inadvertently signing away your rights to pursue a compensation claim at a later date.

What happens if I have lost the email from Ticketmaster telling me that my data was breached?

It doesn’t matter. Simply let us know and we’ll make sure Ticketmaster checks their database for your records.  You just have to confirm to us that you have deleted it (or even let us know if you think you have). Of course, it’s always worth checking your deleted email and spam folders first just in case!

A word of warning however, if you haven’t received an email and deliberately mislead us you could be liable for costs. Just be honest with us and we’ll be able to help.

How do I start a claim?

To join our Ticketmaster data breach group action compensation claim you need to register with us. It is vital to sign up ASAP to ensure you do not miss out.

Keller Lenkner UK is the only law firm actively litigating this case in the UK at the time of this fine.

Our first multi-claimant action is being heard in the High Court. But, because of the number of people affected by the Ticketmaster data breach, we are now registering people who are interested in the outcome of our initial action, and who might want to progress a further claim against Ticketmaster.

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

JOIN OUR NO-WIN, NO-FEE TICKETMASTER GROUP ACTION