Protecting customers from the Ticketmaster Breach: Monzo's story


(Tristan Thomas) #1

Our story from behind the scenes:


Ticketmaster Customer Data Breach - The Guardian 📰
The 'Trust'
(Michael) #2

Wow. This is the proactive approach that is great about Monzo. Also, this is the great transparency that we have grown to expect with Monzo.

Fantastic work by all involved.


(Gina) #3

I just want to say thanks!

I received the email regarding the data breach from Ticketmaster, and have been going through and changing passwords where necessary (I know, I know, they should all be different, but occasionally I get lazy!). I hadn’t even considered requesting a new bank card - instead just keeping an eye on my transaction history, which in itself is made easier by the live notifications.

Getting the notification that you will be automatically replacing my bank card, and reading about all of the work you have been doing behind the scenes in regards to spotting the breach before even Ticketmaster had is a huge relief as a customer. I’ve never seen so much transparency from a bank before in regards to issues like these, and it’s wonderful to see you being so proactive by automatically replacing bank cards for people rather than your customers having to request them themselves. If my data was breached, I would have foolishly waited for something to happen before contacting you. You may have potentially saved me a lot of trouble, phew!

I’m not really sure how to sum this up other than - thanks again. Going full Monzo was the best banking choice I have made.


#4

Who needs advertising, when transparency and pro-activeness can prove that Monzo is nothing but a good move for your banking ! :slight_smile:


(Lancelot Payne) #5

This is truly amazing work from Monzo nicely done guys :slight_smile:


(Jonathon) #6

Are there any implications for Ticketmaster, given they were notified of a breach months ago and failed to follow up on it?


#7

It’s great to see monzos backend is amazing and they have the flexibility of seeing all these trends etc which other banks didn’t seem to be able to catch .


#8

I’m also interested, but they said they did their investigations and found nothing, but the malware was in 3rd party software that they may not have had the access to the code to inspect properly.


(Gareth) #9

Incredible isn’t it - Ticketmaster obviously took an early interest because they sent people over right away, but for whatever reason didn’t believe what they were being told. I imagine they didn’t consider or check/audit the possibility of external scripts being accessed, or if they did the script they checked wasn’t the version delivered to customers (CDN, server farm etc). My guess is that if genuinely no other banks or card issuers had reported a problem, they perhaps suspected Monzo themselves were the source!


(Jonathon) #10

I’d love to see that go to court and let someone decide where they failed to spot this. It seems pretty amazing that they didn’t spot it earlier with all the data Monzo had.


(Matt Breakwell) #11

As a systems security architect myself, this is an incredibly praiseworthy response from Monzo. Genuinely impressed by this guys, an exceptionally-well handled incident to say the least.


(knows someone who knows Tom quite well) #12

I don’t think that ticketmaster can blame a third party - they are ultimately responsible for the security of their systems.


#13

Impressive work from Monzo


(Charles Kirtley) #14

Another reason why Monzo is an amazing company to be with. Proud to be a customer especially as I was someone at risk from this!


#15

Ye I agree, but I was just saying why maybe they couldn’t find the breach when they were notified


(knows someone who knows Tom quite well) #16

Then they need better security people!


(Rob) #17

I wasn’t affected by this, as I don’t use Ticketmaster, but it’s so good to see how Monzo protects all of us - great work guys and girls.

Companies like Ticketmaster, and other companies, should follow the Monzo way!


#18

Out of interest, why couldnt Monzo publicly present the evidence and say they believed Ticketmaster was the source?


(Jack) #19

It would be a bit embarrassing for Monzo if that turned out not to be the case :see_no_evil:
also it would be unfair on Ticketmaster to fram them for something without confirmation.

Isn’t there something about keeping a breach from going public until the originator of the breach has prepared / patches the issue? Or am I thinking of security bugs?


(Stephen Plotkin) #20

I was affected by this and I would like to thank Monzo for the proactive actions taken - well done financial security team