Ticketmaster has disclosed a widespread hack that compromised the payment and personal details of tens of thousands of British customers.
The online ticketing retailer said the information was compromised through malicious software hosted by Spanish firm Inbenta, which provided software for Ticketmaster’s live chat window on its website.
Ticketmaster said the breach occurred on Saturday, and that less than five per cent of its global customer base were affected.
Reports suggest that around 40,000 British customers were affected, although Ticketmaster has not provided an exact number.
All customers the ticketing retailer believes were affected have been contacted and advised to change their password.
It also offered 12 months free identity monitoring service to anyone whose details may have been stolen.
Ticketmaster said customers in North America were not affected, although it advised international customers to change their passwords as well.
Anyone who attempted to buy tickets between February and June 23 of this year, and international customers who bought or tried to buy tickets between September 2017 and June 23 could have been affected.
“On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster,” the company said in its statement.
“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.”
It added: “As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third-party.”
A National Cyber Security Centre spokesperson said they were aware of the incident and were working with partners to determine what happened.
Ticketmaster added it was working with relevant authorities, as well as credit card companies and banks, and had its own forensics teams and experts analysing the breach.
Affected data includes name, address, email address, telephone number, payment details and Ticketmaster login details.
This is the first disclosure of a major breach that occurred under the new GDPR, which carries fines of up to €20 million (£17.6 million) or four per cent of turnover.
LiveNation, which owns Ticketmaster, said they sold more than 387,000 tickets per day globally in 2011.