Live Nation Entertainment and Ticketmaster logos are seen in this illustration taken May 23.Dado Ruvic/Reuters
The federal privacy commissioner is investigating Ticketmaster Canada after its global parent company revealed this month that a data breach may have affected the personal information of millions of users worldwide.
The company is by far the biggest of its kind worldwide, selling tickets for events including concerts, sports games and theatre shows, and in recent years, it has operated re-selling markets as well.
”Ticketmaster holds the personal information of millions of Canadians,” Privacy Commissioner Philippe Dufresne said in a statement Wednesday. “The investigation will allow us to understand why this cyber incident happened and what must be done to address this situation and prevent it from happening again.”
Why buying event tickets is more complicated than ever
Ticketmaster is owned by the U.S. entertainment conglomerate Live Nation Entertainment Inc. The parent company published a securities filing in May revealing it had found “unauthorized activity” on a third-party server and that it had identified a “criminal threat actor” alleging to sell its user data on the dark web.
The ticketing company shared more details in early July, telling users that the activity happened between April 2 and May 18, and that users’ names, e-mail addresses, phone numbers, and encrypted credit-card information may have been compromised in the breach. The ShinyHunters hacking group has taken credit for the breach, which may have affected the data of as many as 560 million people.
“We know how important your personal information is and we take its protection very seriously,” Ticketmaster wrote on its website. It said it would collaborate with law enforcement, credit card companies and banks, warning users to monitor their bank accounts for suspicious activity and offering affected Canadian users a 12-month free identity monitoring service through TransUnion of Canada Inc.
Ticketmaster did not immediately respond to a request for comment. The Privacy Commissioner of Canada’s office said Mr. Dufresne was not available for an interview, and that its investigation was prompted by a complaint. It added that it would assess Ticketmaster’s compliance with the Personal Information Protection and Electronic Documents Act, examining its security safeguards and fulfillment of breach notification requirements.
Ticketmaster notice of privacy breach months after hack triggers customer backlash
Experts have warned for years that the nearly quarter-century-old federal private-sector privacy law is out-of-date in the now-robust internet economy. But the federal Liberals have dragged their feet across successive parliaments in their attempts to bring Canada’s privacy regime closer in line with more progressive privacy-protecting jurisdictions, such as the European Union and California.
Canadian users have faced numerous data breaches in recent years, as a result of hackers developing more sophisticated techniques. Indigo Books and Music faced a ransomware attack last year that compromised staff members’ personal information, and numerous Canadian wealth managers told clients last year that their information, including social insurance numbers, had been breached in a hack.