Ticketmaster says credit card data may have been stolen in UK breach

The company spots malicious software on one of its customer support products that's hosted by a third party.

Marrian Zhou Staff Reporter
Marrian Zhou is a Beijing-born Californian living in New York City. She joined CNET as a staff reporter upon graduation from Columbia Journalism School. When Marrian is not reporting, she is probably binge watching, playing saxophone or eating hot pot.
Marrian Zhou
2 min read

Ticketmaster UK was hit by a data breach on Saturday.

Ticketmaster/YouTube screenshot by Chris Matyszczyk/CNET

A security breach has compromised Ticketmaster UK's customer database.

The online entertainment retail service said Wednesday that personal information and credit card data from customers in the UK and other countries may have been stolen. The Associated Press first reported the news.

The company discovered malicious software on a customer support product hosted by Inbenta Technologies, which is a third-party artificial intelligence tech supplier.

"We can confirm with 100 percent certainty that no data was taken from our servers and no other customers other than Ticketmaster were affected. The JavaScript we created specifically for Ticketmaster was used on a payments page, which is not what we built it for. Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat," said Jordi Torras, CEO of Inbenta Technologies, in an email statement. "We are deeply sorry for anyone affected by the breach, and we are absolutely certain that no other customers of Inbenta have been hacked."

Ticketmaster UK said it disabled the Inbenta product as soon as it spotted the breach on Saturday. The company said less than 5 percent of its global customers had been affected, but customers in North America were untouched.

"If you have not received an email [from us], we do not believe you have been affected by this security incident based on our investigations," the company said in a blog post. "Forensic teams and security experts are working to understand how the data was compromised."

Ticketmaster UK isn't the first online retail service recently hit by a data breach. A similar attack targeted Best Buy, Delta Airlines, Sears and Kmart in April. Customers' names, addresses and credit card information might have been stolen by hackers, but the companies didn't confirm how many customers were affected or any personal information was actually stolen in those breaches.

A Ticketmaster spokesman said the company has no additional comment.

First published on June 27, 2:36 p.m. PT.

Updates, June 28, 1:29 p.m. PT: Adds Inbenta Technologies CEO Jordi Torras statement.

Watch this: Worst hacks of the year

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.