Why was the impact of the Ticketmaster data breach worse than it should have been?

Ticketmaster App
Share on facebook
Share on twitter
Share on linkedin

Ticketmaster experienced a significant breach after cybercriminals hacked the company’s website in 2018. The data breach affected Ticketmaster, TicketWeb and the resale website Get Me In!

Ticketmaster admitted that a data breach took place due to third-party software on its website. This was subsequently removed, but not before the software accessed thousands of its customers’ personal and financial details.

Ticketmaster made things worse

The Ticketmaster data protection breach compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Appallingly, it was subsequently reported that Ticketmaster knew about the data breach two months before it revealed that its payment pages had been hacked, and that it had been warned that some of its customers had their cards used fraudulently.

According to digital bank Monzo, it warned Ticketmaster that it might be at risk as early as April 2018, but an internal investigation by the company failed to reveal any security issues. Commenting on this case, Natasha Vernier, Head of Financial Crime at Monzo said:

 “On Friday 6th April {2018}, around 50 customers got in touch with us to report fraudulent transactions on their accounts and we immediately replaced their cards.

“After investigating, our Financial Crime and Security team noticed a pattern: 70% of the customers affected had used their cards with the same online merchant between December of last year and April this year. That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.”


As the matter intensified, Monzo sent out six thousand replacement cards to customers who had used Ticketmaster. However, Ticketmaster still claimed that there was no evidence of a breach. It also said that no other banks were reporting similar security patterns. It took Ticketmaster until June that year to notify customers that malware had infected one of its systems and admit that their personal details – including payment details – could have been skimmed.

The real impact of the Ticketmaster data breach

At Keller Lenkner UK, we are helping victims of the Ticketmaster data breach to claim compensation after their data was put at risk. And years after the breach, the real-life effects of the Ticketmaster data hack are still being felt. Most of the clients we are representing in this case have suffered multiple fraudulent transactions on their payment cards or experienced distress and/or psychological trauma because of the hack.

Holding Ticketmaster to account

While Ticketmaster was the victim of a cyber-attack, it was responsible for protecting your personal information.

Still trying to defend its behaviour, Ticketmaster is blaming a third-party supplier for the security breach. And, it has been reported that the hack occurred due to a single piece of JavaScript code customised by a third-party to meet Ticketmaster’s requirements. Identifying a weakness in this code, attackers used this vulnerability to extract customer information as they were paying for tickets.

However, we believe that Ticketmaster was still negligent in safeguarding your data due to insufficient security systems. Just because it was a victim of a crime does not mean it is any less liable. So, if you were affected by this hack, you have a right to claim compensation.

Are you affected by the Ticketmaster data breach?

UK customers who purchased, or attempted to buy, tickets between February and 23 June 2018 may be at risk. Ticketmaster has said that it has informed those involved.

Ticketmaster has been fined £1.25 million by the Information Commissioners Office (ICO) for failing to protect customers’ payment details. But none of this fine will go to victims of the Ticketmaster data breach.

Over the last few years we have talked to hundreds of people who have been affected by this shocking privacy breach, and our compensation claim is now well underway. But the clock is ticking and if you want to join our action it is vital that you sign up asap.

We believe that we are the only UK legal firm currently launching a multi-party action against Ticketmaster. So, if you want to secure compensation for the impact the data breach has had on you, do not leave it too late.

Why join our group action?

A group action happens when multiple people – all of who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Ticketmaster) – join together to claim for compensation. Group actions give our clients more power against big businesses. In short, they give us strength in numbers.

Making a claim is simple and, as well as getting you the compensation you deserve, making a claim sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Ticketmaster data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin