Cyberattacks hit Ticketmaster and Smith & Caughey's

4 Jun 2024
New Zealand customers potentially affected

Ticketmaster - Figure 1
Photo Insurance Business New Zealand

Recent developments have emerged regarding two major cybersecurity breaches involving ticket sales giant Ticketmaster and Auckland retailer Smith & Caughey’s, with potential impacts on New Zealand customers.

Ticketmaster recently confirmed a cybersecurity incident, with New Zealanders potentially affected.

Ticketmaster data breach

The hacker group ShinyHunters has claimed responsibility for breaching Ticketmaster’s systems, allegedly exposing customer data.

A security analyst shared with the NZ Herald a sample of data posted by ShinyHunters on the dark web, showing information for about 10,000 Ticketmaster customers, including two from New Zealand.

The hacker group is reportedly demanding US$500,000 ($820,000) for the data and threatens to sell it if the ransom is not paid.

Ticketmaster’s parent company addresses breach

Ticketmaster’s parent company, Live Nation, disclosed the breach in a May 31 (June 1 NZT) filing to the US Securities and Exchange Commission. The filing reported unauthorised activity in a third-party cloud database on May 20, prompting an investigation. On May 27, a threat actor offered what it claimed was company data for sale on the dark web.

Live Nation is working to mitigate the risk and has informed law enforcement and regulatory authorities.

“We are working to mitigate risk to our users and the company, and have notified and are co-operating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information,” the company said, as reported by NZ Herald. “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”

The Office of the Privacy Commissioner stated that it has not been notified by Ticketmaster of a breach impacting New Zealanders.

“Where an organisation has had a privacy breach that is likely to cause anyone serious harm, it is legally required to notify us and any affected persons as soon as they are practicably able to,” a spokesperson for the Office of the Privacy Commissioner told NZ Herald. “As a guide, our expectation is that a breach notification should be made to our office no later than 72 hours after agencies become aware of a notifiable privacy breach.”

Smith & Caughey’s data breach

In a separate incident, the hacker group LockBit has claimed to have accessed and is selling Smith & Caughey’s financial, HR, accounting, management, and IT department data on the dark web, with a deadline of June 4 for offers. The department store, closing after 144 years, acknowledged the breach on Thursday.

He confirmed that the retailer’s digital team is actively working on the issue.

Related Stories
Read more
Similar news