The company claims that a third party development is the incident’s cause
The incident in question is the infection of the company’s website with a credential theft malware known as Magecart. Upon hearing of the incident Ticketmaster blamed of the infection to “a customer service hosted on its website by Inbenta Technologies”. On the other hand, Jordi Torras, director of Inbenta, said: “If we had known that the script was being used in that way we would have prevented the company, as it poses a security threat.
A digital forensics investigator traveling from United Kingdom to the United States when the security breach occurred at the Ticketmaster site found that one of his bank cards was being used to perform unauthorized transactions in Belgium. After calling his bank to block the compromised card, the expert discovered that Visa had blocked another of his cards because of an “identity fraud”.
At the time the specialist stated: “Only payment cards linked to my Ticketmaster account were compromised. I have used other cards to pay for various online services and have not experienced any problems.”
After the incident many affected users began demanding Ticketmaster compensation. In response to these lawsuits, the lawyers of the firm Paul Hastings responded to the disgruntled users with a letter stating that the company was “conducting a thorough investigation into the possible security incident, its causes and the impact generated for the users”.
In the letter sent to the users the lawyers of the company assure that “the incident was presented as a result of software developed by a third-party infected with malicious code”. In addition, the company claimed that the servers and systems of its clients were not affected during the incident.