Ticketmaster has become the latest high-profile company to suffer a significant data breach, impacting a staggering 560 million customers worldwide. Among the affected are 2 million Australian customers, raising serious concerns about data security and the measures companies are taking to protect personal information.
In a recent interview on ABC Newcastle's Drive Home, Robert Buck, Managing Director of Diamond IT, discussed the breach with Paul Culliver, shedding light on what this means for individuals and the broader implications for data security.
What Exactly Happened?
The hacker group ShinyHunters successfully infiltrated Ticketmaster's systems with the aim of extorting money. They obtained a massive 1.3 terabytes of personal data, including:
- Names
- Addresses
- Credit card numbers (last four digits and expiry dates)
- Phone numbers
- Payment details
This data has been used to hold Ticketmaster ransom, demanding $500, 000 USD to prevent the release of this sensitive information.
Should You Assume Your Data is Stolen?
Buck explained that ShinyHunters, like other "black hat hackers," operate as an organised group with a code of ethics of sorts. They aim to extort funds rather than immediately release stolen data on the dark web. At this stage, there is no indication that the compromised data has been distributed. However, it's crucial to remain vigilant as this situation evolves.
What Does it Mean When Data is Stolen?
When we hear about data being stolen, it often means that a copy of the data has been made. Buck emphasised the inherent risk in sharing personal and credit card information, acknowledging that trusting large organisations with our data has become a societal norm. However, he advocates for adopting a "zero trust" approach, urging individuals to exercise caution each time they share their personal details.
*Tip* - using a separate debit card to link to online services, instead of your sole credit card can help limit potential financial damage from third party data breaches.
Government and Corporate Responsibility
The government is increasingly pressuring businesses to safeguard customer data. Jeffrey Foster, Associate Professor of Cyber Security Studies at Macquarie University, noted that if Ticketmaster refuses to pay the ransom, the data is likely to be sold online and distributed on the dark web for "nefarious activities." This could lead to "identity theft, fraudulent credit applications, and phishing attacks as cybercriminals exploit the stolen information."
Will Ticketmaster Be Penalised?
Companies are mandated to protect customer data, and failing to do so can severely damage their reputation and result in legal penalties. The onus is on Ticketmaster to comply with data privacy regulations and take immediate action to mitigate the breach's impact.
What Should You Do If You Have a Ticketmaster Account?
Typically, after a data breach, phishing attacks increase significantly, so it's crucial to stay vigilant and watch for suspicious emails and messages. If you have a Ticketmaster account, it's essential to take proactive steps:
- Stay Informed: Regularly check Ticketmaster’s website and your emails for updates and information.
- Be Vigilant: Be cautious with emails and phone calls, as these might be attempts to gather more information through phishing attacks.
- Review Online Services: Make a list of all your online services, assess their necessity, and close any accounts that are no longer needed.
- Update Security Measures: Change your passwords or passphrases and enable multi-factor authentication (MFA) wherever possible.
Data breaches are a stark reminder of the importance of cyber security. By staying informed and adopting a cautious approach, individuals can better protect their personal information in an increasingly digital world.
To listen to the full interview, as featured on ABC Newcastle's Drive Home with Paul Culliver (at 5.05pm), click here.
How Can Diamond IT Support Your Cyber Security Defences?
Diamond IT can help you ensure your technology, policy and staff education programs align with best practice to protect you from the ever-evolving cyber threat landscape. Our Business Technology Consultants and Business Technology Managers (BTMs) are specialists in improving your internal cyber security.
- Managed IT Support with Cyber Security.
- Cyber Security Awareness Training.
- Cyber and Data Breach Consulting and Forensic Analysis.
- Disaster Recovery (DR) Planning.
If you need advice on how you can ensure your cyber security strategy is fit for purpose our team of cyber security experts are ready to help. Contact our team on 1300 307 907 today.
