Protecting customers from the Ticketmaster Breach: Monzo's story

Our story from behind the scenes:

56 Likes

Wow. This is the proactive approach that is great about Monzo. Also, this is the great transparency that we have grown to expect with Monzo.

Fantastic work by all involved.

12 Likes

I just want to say thanks!

I received the email regarding the data breach from Ticketmaster, and have been going through and changing passwords where necessary (I know, I know, they should all be different, but occasionally I get lazy!). I hadnā€™t even considered requesting a new bank card - instead just keeping an eye on my transaction history, which in itself is made easier by the live notifications.

Getting the notification that you will be automatically replacing my bank card, and reading about all of the work you have been doing behind the scenes in regards to spotting the breach before even Ticketmaster had is a huge relief as a customer. Iā€™ve never seen so much transparency from a bank before in regards to issues like these, and itā€™s wonderful to see you being so proactive by automatically replacing bank cards for people rather than your customers having to request them themselves. If my data was breached, I would have foolishly waited for something to happen before contacting you. You may have potentially saved me a lot of trouble, phew!

Iā€™m not really sure how to sum this up other than - thanks again. Going full Monzo was the best banking choice I have made.

32 Likes

Who needs advertising, when transparency and pro-activeness can prove that Monzo is nothing but a good move for your banking ! :slight_smile:

15 Likes

This is truly amazing work from Monzo nicely done guys :slight_smile:

3 Likes

Are there any implications for Ticketmaster, given they were notified of a breach months ago and failed to follow up on it?

6 Likes

Itā€™s great to see monzos backend is amazing and they have the flexibility of seeing all these trends etc which other banks didnā€™t seem to be able to catch .

1 Like

Iā€™m also interested, but they said they did their investigations and found nothing, but the malware was in 3rd party software that they may not have had the access to the code to inspect properly.

2 Likes

Incredible isnā€™t it - Ticketmaster obviously took an early interest because they sent people over right away, but for whatever reason didnā€™t believe what they were being told. I imagine they didnā€™t consider or check/audit the possibility of external scripts being accessed, or if they did the script they checked wasnā€™t the version delivered to customers (CDN, server farm etc). My guess is that if genuinely no other banks or card issuers had reported a problem, they perhaps suspected Monzo themselves were the source!

2 Likes

Iā€™d love to see that go to court and let someone decide where they failed to spot this. It seems pretty amazing that they didnā€™t spot it earlier with all the data Monzo had.

3 Likes

As a systems security architect myself, this is an incredibly praiseworthy response from Monzo. Genuinely impressed by this guys, an exceptionally-well handled incident to say the least.

12 Likes

I donā€™t think that ticketmaster can blame a third party - they are ultimately responsible for the security of their systems.

7 Likes

Impressive work from Monzo

2 Likes

Another reason why Monzo is an amazing company to be with. Proud to be a customer especially as I was someone at risk from this!

7 Likes

Ye I agree, but I was just saying why maybe they couldnā€™t find the breach when they were notified

Then they need better security people!

I wasnā€™t affected by this, as I donā€™t use Ticketmaster, but itā€™s so good to see how Monzo protects all of us - great work guys and girls.

Companies like Ticketmaster, and other companies, should follow the Monzo way!

1 Like

Out of interest, why couldnt Monzo publicly present the evidence and say they believed Ticketmaster was the source?

It would be a bit embarrassing for Monzo if that turned out not to be the case :see_no_evil:
also it would be unfair on Ticketmaster to fram them for something without confirmation.

Isnā€™t there something about keeping a breach from going public until the originator of the breach has prepared / patches the issue? Or am I thinking of security bugs?

2 Likes

I was affected by this and I would like to thank Monzo for the proactive actions taken - well done financial security team

2 Likes