Ticketek Customer Data Swiped in Third-Party Cyber Attack

Ticketek has warned customers that their personal data may have been exposed following a cyber attack on a third-party cloud provider.

In an email sent to impacted customers, the Australian ticket-selling company said that personal information belonging to Ticketek Australia account holders was accessed after a cloud-based platform hosted by a “reputable, global third-party supplier” was breached. 

It confirmed that the stolen data included customer’s names, email, and dates of birth, assuring customers that no passwords or accounts had been compromised. 

“We would like to reassure you that Ticketek has secure encryption methods in place for all passwords and your Ticketek account has not been compromised,” Ticketek said in its email.

"The available evidence at this time indicates that, from a privacy perspective, customer names, dates of birth and email addresses may have been impacted," the company said.

"Since our third-party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing an investigation so that we can communicate with you as quickly as possible," Ticketek said in an email sent to some of its customers.

'Be especially vigilant'

Australian Home Affairs and Cyber Security Minister Clare O'Neil wrote on the social media platform X that the National Office of Cyber Security had been informed by Ticketek Australia that "data belonging to their customers has been stolen"

“I'd ask Australians to be especially vigilant and on the lookout for scams during a time like this," O'Neil wrote. 

"In a breach like this, Australians need to be aware of scams including phishing emails. Data breaches are becoming more common – in Australia and around the world. That means that we all have to be more careful in how we use the Internet."

"Don't click on any links in emails you aren't sure about, and if you receive an uncharacteristic email or text, be extra cautious in dealing with it."

Hack after hack

The attack comes just days after another major cyber attack on the ticket-selling platform Ticketmaster, which saw hackers still data belonging to over half a million customers.

The hacker group ShinyHunters claimed responsibility for that attack, writing in a dark web post that they had allegedly stolen 1.3 terabytes of data, including names, addresses, emails, phone numbers, and credit card information.

Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator took to social media to note that the Ticketek incident is not connected to the recent Ticketmaster data breach.

“Today, I was advised by Ticketek of a cyber incident impacting Ticketek Australia and its account holder information,” LTGEN McGuinness said.

“Ticketek is a different company to Ticketmaster, which is a subsidiary of Live Nation Entertainment. The Australian Signals Directorate and Australian Federal Police are also aware of the incident.”

No threat actor has claimed responsibility for the cyber attack on Ticketek, and the stolen data has not yet been leaked online.