There were more than 3,000 data compromises in 2023 that impacted more than 350 million people across the U.S., according to the Identity Theft Resource Center.
VERIFY readers Sherry and Linda recently reached out about an email they received purportedly from Ticketmaster claiming some Ticketmaster customers’ personal information was involved in a data breach. Wanting to make sure they didn't fall victim to a scam, they reached out to us to confirm it was real.
THE QUESTION
Is the recent email about a Ticketmaster data breach real?
THE SOURCES
THE ANSWER
Yes, the email about a Ticketmaster data breach is real.
WHAT WE FOUND
The email alerting Ticketmaster customers about a security data breach is real, VERIFY found. Ticketmaster said they contacted customers in the U.S., Mexico and Canada to inform them of the breach. The email came from an official Ticketmaster support account and gave customers information on how they could receive free credit monitoring to protect themselves following the breach. Ticketmaster also wrote about the breach on their official website.
Customer names, basic contact information and payment card information, including credit or debit card numbers and expiration dates, may have been compromised in the data breach, the email says. The security incident happened between April 2 and May 18, Ticketmaster says, and there have been no other breaches since.
To help customers protect themselves from identity theft, Ticketmaster is offering free identity monitoring services.
“Identity monitoring will look out for your personal data on the dark web and provide you with alerts for 1 year from the date of enrollment if your personally identifiable information is found online,” Ticketmaster’s email said.
These services will be provided by Cyberscout, a TransUnion company specializing in fraud assistance and remediation services. Ticketmaster customers can sign up for Cyberscout using this link: https://surveys.ticketmaster.com/s/tu-sign-up
Ticketmaster is currently involved in a class-action lawsuit because of a data breach that occurred on or around the same time as the dates mentioned in the recent email.
According to court records filed in Pennsylvania, 560,000 customers were involved in the data breach. The hackers involved in that breach were attempting to sell customers’ personal information on the dark web.
VERIFY reached out to Ticketmaster to confirm whether the two incidents – the one mentioned in the lawsuit and the one referenced in the email – were the same, and did not hear back at the time of publication.
Here are other tips on what to do if you are a victim of a data breach.
Report the breach to your banking institutions and credit bureaus
If you think your social security number or other important personal details like your date of birth were compromised, you should contact your bank and consider freezing your credit, the Federal Trade Commission (FTC) says.
If a company is responsible for exposing someone’s personal information and offers free credit monitoring, the FTC advises customers “take advantage of it.” Also, monitor your credit report for any accounts or charges that aren’t recognized, and freeze your credit if there is unusual activity.
According to Equifax, one of the major credit bureaus, the security freeze restricts access to the credit report so people can’t extend credit in your name. When you want to apply for credit or when you know your credit is safe, you can request to temporarily or permanently remove the security freeze.
Here is how to contact the three major credit bureaus:
- Equifax
- https://www.equifax.com/personal/credit-report-services/ or (800) 525-6285
- Experian
- https://www.experian.com/fraud/center.html#content-01 or (888) 397-3742
- TransUnion
- https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp or (800) 680-7289
Change your passwords and add two-factor authentication to your accounts
A lot of personal information is kept in online accounts and is accessible if someone has your login and password, including email, bank account, and other personal data. Changing your password is a necessary first step when your information is exposed in a data breach. Here are tips to consider when creating a new password:
- Make sure the password is at least 12 characters long
- Don’t use the same password for multiple accounts
- Set up multi-factor authentication, or two-factor authentication requirements
- Choose a password manager, like LastPass, to help keep track of passwords
- Pick a security question only you know the answer to
If someone is using your information to open new accounts or make purchases, you can get help at IdentityTheft.gov.
Here are more VERIFIED ways to protect yourself after falling victim to a scam.