Customer data exposed after Ticketek ‘cyber incident’
By Ben Cubby
Thousands of people have had their private data leaked in a “cyber incident” that targeted ticketing company Ticketek.
The company informed the government that data hosted by a third-party company had been exposed. It also wrote to many of its customers on Friday.
Thousands of people are thought to have been affected by the Ticketek data leak. Credit: Ben Rushton
“The available evidence at this time indicates that, from a privacy perspective, your name, date of birth and email address may have been impacted,” the company said in emails to people who had bought tickets through the company.
Ticketek said in the emails that information belonging to Australian customers had been taken from a cloud-based platform “hosted by a reputable, global third-party supplier”.
It had been made aware of the data breach a few days ago, it told customers. Credit card details and passwords were encrypted and held separately and were not affected by the data breach, it said.
“We sincerely apologise to all those who may have been affected by this incident,” the company told customers in its email.
It is unclear how many people were affected by the data leak. Ticketek says its website has about 1.9 million users a month and sells about 20 million tickets a year.
Federal Minister for Home Affairs Clare O’Neil posted on the social media platform X that the breach likely affected “many Australians”.
“Earlier today, Ticketek advised the National Office of Cyber Security that they have experienced a cybersecurity incident impacting Ticketek Australia, and data belonging to their customers has been stolen,” O’Neil posted.
“The information we have so far indicates that this is a breach potentially affecting many Australians, but the data is likely limited to names, dates of births, and email addresses.
“I understand that the company has taken action to quickly identify and notify affected people. Where companies hold a significant amount of data, Australians expect that they look after it.”
The apparent hack is the second major incident affecting ticketing services in the past week after global company Ticketmaster was allegedly hacked.
Posts on the dark web dated May 28 and purporting to be from a hacking group known as ShinyHunters advertised the sale of 560 million customers’ data after the Ticketmaster incident.
The posts offered to sell the details, totalling 1.3 terabytes, and including credit card information, for $US500,000 ($758,000).
Start the day with a summary of the day’s most important and interesting stories, analysis and insights. Sign up for our Morning Edition newsletter.