It took Ticketmaster more than two months to inform the public of a breach that digital bank Monzo identified in early April.
Yesterday, news surfaced that Ticketmaster had suffered a major data breach, with tens of thousands of people’s card details stolen.
But leading UK digital bank Monzo noticed signs of the breach as far back as early April. Besides taking steps to protect its own customers, the bank also proactively sought to make Ticketmaster and other banks aware of the situation. Those warnings, however, seem to have fallen on deaf ears.
Monzo first grew suspicious when, on 6th April, roughly 50 customers reported fraudulent transactions on their accounts. In addition to instantly replacing their cards, the bank ran analysis on the incidents, finding that 70 per cent of those affected had used their cards with the same online merchant, Ticketmaster, between December and April. That number caught the financial crime and security team’s eye since, overall, a mere 0.8 per cent of Monzo customers had used Ticketmaster.
Monzo then put a block, for all customers, on any future transactions that bore similar features, as well as contacting the US Secret Service (which is responsible for credit card fraud in the US) and other banks to share their findings. Further evidence then pointed to a Ticketmaster breach – and the bank decided to invite Ticketmaster’s security team into its offices. The visitors reviewed the information and promised an internal investigation.
As evidence continued to mount, Monzo informed Mastercard that there had been a breach and decided to ‘proactively replace every Monzo card that had been used at Ticketmaster’ – amounting to some six thousands hot coral cards.
On 19th April, Monzo was informed by Ticketmaster that its investigation had turned up no evidence of a breach – and that no other banks were reporting similar patterns. It wasn’t until yesterday, over two months later, that the breach was eventually admitted.
Ticketmaster clarified that the breach came from a malware in its customer support product, which was removed late last week. Cards used with the site up until 23rd June could have been compromised.
This morning, Monzo published a timeline of the events surrounding the breach.
A Monzo representative refused to comment on why Ticketmaster took so long to reveal the breach.