Major Ticketek breach draws government response
Ticketek has suffered a major cyber breach exposing the personal information including full names and birth dates of a significant number of Aussies.
Ticketek has become the second major digital entertainment to suffer a cyber breach exposing the personal information including full names and dates of birth of a significant number of Australians.
The entertainment company, owned by TEG, began contacting customers overnight to let them know a breach had taken place via a third party vendor it used, and that private information including email addresses had been stolen by a hacker.
Ticketek confirmed the breach took place earlier in the week, and that it had notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the National Office of Cyber Security.
“The available evidence at this time indicates that, from a privacy perspective, your name, date of birth and email address may have been impacted,” read an email to customers.
Ticketek has not yet named which third party vendor the breach came from but it described the company as “reputable”.
“We are writing to let you know that Ticketek has become aware of a cyber incident impacting Ticketek Australia account holder information, which is stored in a cloud-based platform, hosted by a reputable, global third party supplier,” the company’s email to customers read.
The Ticketek incident follows an alleged breach earlier this week impacting over 560 million customers of Ticketmaster, which is owned by US entertainment company Live Nation.
Unlike Ticketek, Ticketmaster is yet to confirm publicly that a breach has taken place however the Department of Home Affairs has confirmed it was working with the company to understand if a breach had occurred.
Overnight, Cyber Security Coordinator LtGen Michelle McGuinness confirmed she was aware of the incident, and urged Australians to exercise caution online.
Today, I was advised by Ticketek of a cyber incident impacting Ticketek Australia and its account holder information.
— National Cyber Security Coordinator (@AUCyberSecCoord) May 31, 2024
“I welcome the timely approach taken by Ticketek to notifying its affected customers. Ticketek advises that customer names, dates of birth and email addresses may have been impacted,” LtGen McGuinness said.
Cyber Security Minister Clare O’Neil has also confirmed she was aware of the incident.
“The information we have so far indicates that this is a breach potentially affecting many Australians, but the data is likely limited to names, dates of births, and email addresses. Ticketek have assured Australian account holders that their passwords and credit card information have not been compromised,” she said.
“Where companies hold a significant amount of data, Australians expect that they look after it. The number of recent breaches has demonstrated the importance of companies quickly alerting affected customers, and offering them support.”
Ms O’Neil asked asked that impacted customers be cautious opening emails and answering calls and texts from unknown numbers.
“Don’t click on any links in emails you aren’t absolutely sure about, and if you receive an uncharacteristic email or text, be extra cautious in dealing with it,” she said.
“Data breaches are becoming more common - in Australia and around the world. That means that we all have to be more careful in how we use the Internet.”
More Coverage
Enshrine speedy response against scams into law, says CBA
CBA wants policymakers to include rules in the Scams Prevention Framework that require within 48 hours action by telcos, social media providers and banks, to disrupt scams.
Twiggy backs ALP’s online safety law reforms
Tech and social media giants including Google and Meta face fines up to $50m if they allow hate, terrorism and crime to flourish on their Australian platforms.