Ticketmaster customers hit by recent data breach

As many as 500 million customers in the U.S., Canada and Mexico could be affected, according to law firms that have filed class-action lawsuits against Ticketmaster LLC and its parent company Live Nation Entertainment Inc.

The lawsuits allege that two companies “disregarded the rights of plaintiffs and class members by intentionally, willfully, recklessly or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions.”

Encrypted credit card information and date of birth are among the financial and personal data affected, according to the lawsuits.

Ticketmaster said on its website that “customers can continue to conduct business with Ticketmaster as normal and without issue.”

“Our comprehensive investigation — alongside leading cybersecurity experts and relevant authorities — has shown that there has been no more unauthorized activity. If you are not contacted, we do not believe your sensitive information was involved.”

Live Nation disclosed in a May 31 regulatory filing that it learned on May 27 that “a criminal threat actor’’ was offering to sell Ticketmaster data on the dark web.

Media reports say a hacking group named ShinyHunters claimed responsibility for the breach in an online forum and was seeking $500,000 for the data.

According to the notice to customers, data began being accessed on April 2 and continued until May 18. The data was obtained from a cloud database hosted by a third-party data service provider.

“We have not seen any additional unauthorized activity n the cloud database since we began our investigation,” according to the notice.

Ticketmaster said it is cooperating with federal law enforcement agencies and outside technology companies as part of its investigation.

It is offering free access to a credit reporting agency for up to 12 months for those who apply at www.mytrueidentity.com, as well as fraud assistance from Cyberscout, a TransUnion affiliate that specializes in fraud assistance and remediation.

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, said consumers can take steps to reduce their exposure to data breaches.

“While there’s no need for consumers to regularly update their passwords, it’s crucial to do so when they’ve been involved in a breach like this one,” Plaggemier said.

“They should also change their password on any other account where they’ve used the same or similar password to the one on their AT&T account, a practice that should be followed during any data breach.

“Enabling multi-factor authentication whenever possible adds an extra layer of security as well.”

Plaggemier said regularly monitoring financial statements and credit reports for any suspicious activity “can also help individuals detect and respond to potential breaches promptly.”

“Furthermore, freezing their credit with the credit bureaus is a proactive measure to prevent unauthorized access to their credit information and can provide added security in the event of a data breach,” she said.