West Ham’s official ticketing partner, Ticketmaster is believed to have had its IT breached by cybercriminals who claim to have stolen 1.3TB of data on 560 million of the corporation’s customers – and are now selling all that info for $500,000.
The records allegedly swiped from Ticketmaster include customers’ names, email addresses, phone numbers, and physical addresses, as well as order info and credit card details — specifically, the last four digits of the cards plus names and expiration dates.
West Ham, Brentford, Crystal Palace, Everton Wolves, Arsenal, Nottingham Forest, Tottenham Hotspur, and Luton Town all use Ticket Master IT systems as their exclusive ticketing partner.
The purported Ticketmaster data went on sale on Tuesday this week on the now-revived BreachForums, which declares the ShinyHunters crew as its administrator.
ShinyHunters was one of two previous BreachForums administrators, before FBI shut down an earlier incarnation of the notorious marketplace for stolen data and reportedly cuffed the other suspected admin two weeks ago.
ShinyHunters claims it did contact Ticketmaster before offering the customer data for sale, and claimed the company never opened the message nor responded to it.
The big question is whether West Ham supporters and other Premier League supporters’ personal data are included in this cyber breach?
Club sources say they written to Ticketmaster to remind them of their legal obligations in disclosing any data breach involving West Ham supporters but have yet to receive a reply.
“If Ticketmaster has had a breach of this scale it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches – so people should not be overly concerned until a breach is confirmed,” one security researcher commented.
Individuals declaring large batches of data in the past have proven to be duplicates of previous hacks rather than newly stolen information.
But if verified, the hack could be the most significant breach ever in terms of numbers and the extent of the data stolen.
This is not the first time Ticketmaster has been hit with security issues, but they need to release a public statement to clarify their position.