Ticketmaster Customer Data Breach - The Guardian 📰

(Tom ) #1

Digital bank Monzo was the first to spot customers’ cards were being compromised. It identified in April that the common factor behind a spike in frauds was that every customer who lost money had also had interaction with Ticketmaster.

On 12 April it warned Ticketmaster of the issue, but “couldn’t get any traction” out of the company, according to Monzo’s head of financial crime, Natasha Vernier.

In the meantime, Monzo contacted all customers who had ever dealt with Ticketmaster – about 5,000 – to replace their cards.

It also told banks that are part of the UK Finance group in April that it was aware of what appeared to be a significant data breach at Ticketmaster.

Monzo’s experience suggests that anyone who has bought a ticket through Ticketmaster should check their accounts for unusual transactions involving Xendpay, Uber and Netflix. None of these companies were involved in the fraud itself, but were the means by which the fraudsters were able to steal money from people’s accounts.

So now we know what this was all about: Monzo Fraud sending me a new card... out of the blue

Monzo Fraud sending me a new card... out of the blue
(Andrew Ross) #2

Great that Monzo was the bank to call Ticketmaster out! Well done Monzo!

(Hugh Wells) #4

We’ll be posting a blog on this tomorrow :blush:

(Herp Derp) #5

(Andy) #6

Curve cancelled my card today as likely compromised. I am shocked that they were told two months ago. I wish someone would disrupt the ticket business and we wouldn’t have to rely on this terrible company…

(Andy) #7

Great work by you lot - really impressed!

(Phil) #8

Nice work MONZO!
Now I’m thinking about when I last used Ticketmaster (in the last year) and if my data is safe…

(Caspar) #9

Good press for Monzo, and difficult questions for Ticketmaster to answer. Great work :monzo:

Worryingly, the Guardian reports, some banks have known about the breach since April. Monzo has replaced 5,000 cards of customers who’ve made Ticketmaster purchases. Whether and why Ticketmaster withheld this information for two months is unknown.

(Peter Roberts) #10

Can anyone who has been defrauded by this sue Ticketmaster for damages since they had knowledge of the potential breach yet chose to ignore it? Any lawyers on here?


Ooo. I’d love some info on the tech behind this, the people who were involved at Monzo, the exchanges between TicketMaster and Monzo and if you communicate with other banking groups/financial organisations as a result of seeing trends in fraudulent activity.

I also love how they’re seemingly shifting all blame to the third party.

(Tom ) #12

Check out DICE who are doing good things!

(Valeri) #13

I really wish more companies were using DICE, last few Ticketmaster concerts I bought tickets for sold out within seconds and I couldn’t grab the seats I wanted and then there were thousands being resold on third party sites… it just feels so unfair…

(Jack) #14

Wow fantastic work Monzo, Hats off! :billed_cap::+1:t3:


TicketMaster unfortunately own a lot of event venues or have exclusivity as ticket provider.

(Jack) #16

Clever … @daniel


Haha that’s great. For context:

(Peter McDonald) #18

they seem to know when the issue started and have emailed everyone who they believe are affected (myself included)

(Peter McDonald) #19

This could be the first real test of GDPR. The ICO has made it clear that they will work with organisations that have been breached and will not jump straight to fines. However, Daniel’s tweet and claims in the media show the issue has been known for over 2 months without disclosure or proper investigation. This is wilful neglect and should be inline with a hefty fine.


Well done on the spot.

This seems to be happening often these days. Maybe in the future, Monzo could consider the disposable virtual cards like Revolut have for online spending ? Then again seems like might not be needed feature if monzo spotted it and reported it first !!

(Hugh Wells) #21

As promised :slight_smile: