Thousands of Australians may have been impacted by a data breach involving ticket sales giant Ticketmaster, with the hacker group ShinyHunters claiming to have stolen personal data of 560 million customers across the globe.
According to The Sydney Morning Herald’s report, ShinyHunters said in a post on a dark web forum that they possess 1.3 terabytes of customer data, including names, addresses, email addresses, phone numbers, payment details, credit card numbers, expiration dates, and “customer fraud details.”
The hacker group is seeking US$500,000 (AU$752,000) for a one-time sale of the information, which also includes ticket sales, event details, and order information. If verified, the breach could lead to identity theft and financial fraud for affected customers.
ShinyHunters became known as the operator of Breach Forums, previously shut down by the FBI but recently reopened. This is the same forum where the user “Optusdata” threatened to release the personal data of around 10 million Optus customers before retracting the post.
Ticketmaster’s parent company, Live Nation, is facing a lawsuit from the US government, alleging that it maintains a monopoly on live events. The US Justice Department, alongside 30 state and district attorneys-general, has filed an antitrust lawsuit against the company.
“In recent years, Live Nation-Ticketmaster’s exorbitant fees and technological failures have been criticised by fans and artists alike,” said Attorney-General Merrick Garland, as reported by The Sydney Morning Herald. “But we are not here today because Live Nation-Ticketmaster’s conduct is inconvenient or frustrating. We are here because, as we allege, that conduct is anticompetitive and illegal.”
This suspected breach adds to an expanding list of cyber incidents, with cyberattacks costing the Australian economy $33 billion annually.
Recently, a hacker claiming to possess Australian patient data from the MediSecure breach listed information for sale on a Russian hacking forum for US$50,000 ($75,735). Australia’s national cybersecurity co-ordinator, Lieutenant General Michelle McGuinness, said federal agencies, along with state and territory governments, are addressing the incident.
Aside from MediSecure, tech firm Iress reported unauthorised access into its GitHub user space, initially detected on May 13. Despite the security issue, the firm offered assurances that the incident had not impacted its clients’ operations or compromised data within its software systems.
Meanwhile, Australian mortgage lender Firstmac confirmed a major data breach due to a ransomware attack, resulting in the leak of more than 500GB of data.