Credit card information accessed as part of security breach, Ticketmaster confirms

Oilers fans or anyone else who’s used Ticketmaster are being urged to secure their online accounts and check for unusual activity.

The ticket seller has confirmed customer information may have been compromised during a “data security incident.”

The company said it recently discovered an unauthorized third party had obtained information from a cloud database hosted by a third-party data services provider.

The breach happened during the Edmonton Oilers playoff run, as fans were snapping up tickets to games and watch parties.

“Based on our investigation to date, we determined that the unauthorized activity occurred between April 2, 2024, and May 18, 2024,” Ticketmaster wrote in an email to users on Monday. “On May 23, 2024, we determined that some of your personal information may have been affected by the incident. We have not seen any additional unauthorized activity in the cloud database since we began our investigation.”

The company says personal information of customers who bought tickets in Canada, the U.S. and Mexico is part of the breach, and information such as email, phone numbers, encrypted credit card information, as well as other personal information may have been compromised.

One communications expert calls the breach “egregious.”

“Oftentimes, when there are data breaches like this, it’s just personal information, it’s maybe your name and address, possibly your birthdate, which are things that somebody would need to impersonate you. And to maybe change your banking information with a bit of social engineering,” Evan Light of York University told CTV News on Tuesday.

“But the fact that in addition to your people’s personal information, their credit card details were also revealed is pretty egregious. I don’t think it’s very commonplace.”

Light says he isn’t privy to Ticketmaster’s digital security policies but wonders about the company’s practices.

“Ticketmaster, Live Nation have taken advantage of the space, they operate in being generally unregulated, to create more or less a monopoly over live entertainment in North America, and ticket sales,” he said.

“I think when you have an unregulated monopoly like that, then you have an entity that feels free to operate however it wishes. And whether there’s cutting corners in terms of security for higher profitability or not, I don’t know.”

Light says customers could consider credit monitoring, but ultimately, the safest choice is to cancel your credit card and consider your online security practices.

“It might be convenient if you buy tickets from Ticketmaster to let them just hold on to a credit card number,” he said.

“But when you let the entity hold on to your credit card information, it means that it’s kept somewhere by some third party under conditions you know nothing about.”

Ticketmaster says it is working with outside experts on the breach and confirmed it is cooperating with U.S. federal enforcement agencies as well as credit cards and banks.

The company did not respond to CTV News Edmonton’s questions, instead providing a link to a press release.

Customers are encouraged to monitor their accounts for unusual activity.

Canadian users affected by the incident are being offered identity monitoring through TransUnion.

With files from CTVNews.ca’s Hunter Crowther and CTV News Edmonton’s David Ewasuk