Seat-filling ticket agency suffers serious data breach
Central Tickets recommends users of its low-priced ticket service change their passwords after personal information of tens of thousands of users was accessed by hackers.
A ticketing agency that provides customers with cheap seats to struggling shows has issued a warning following a major data breach.
Central Tickets, which launched in 2017, offers members tickets for “seat-filling shows” – where a venue is keen to fill empty seats – for between £4 and £6.50.
The firm has confirmed that a data breach has resulted in the personal details of registered users being compromised.
An email sent to customers by Central Tickets’ chief executive officer Lee McIntosh, seen by Arts Professional, said names, email addresses, mobile numbers and passwords were accessed in the attack.
The firm has said that while the passwords had been “hashed” – a form of encryption – it is recommended that if members use the same password on other sites they should change it “as a precaution”.
It says the most likely risks for those affected are from phishing attempts.
“We urge you to remain vigilant and monitor your accounts closely and be cautious of any suspicious calls, emails, texts or websites that could be phishing or scams,” McIntosh said.
Dark web ‘chatter’
McIntosh said that although the data breach occurred in early July, it was not until last month that the Metropolitan Police informed it of “chatter on the dark web indicating that a breach may have occurred”.
A report conducted by an external cyber incident response team, which Central Tickets says it received on Monday (7 October), found the breach occurred in a staging database, hosted on a separate server, following “unauthorised access by a threat actor”.
Central Tickets said it has “locked down” the compromised database, adding that all data within it has been securely removed.
It added that a comprehensive audit of its IT infrastructure has confirmed that its website application is secure.
“We are enhancing our overall security measures to provide greater protection for your personal data moving forward,” McIntosh said.
“We’ve engaged an external provider under a three-year contract for regular security audits, continuous monitoring, and expert cyber defence support to protect our systems and data.”
“As chief executive officer, I acknowledge the seriousness of the situation and I would like to offer my unreserved apology to you for any distress or concern this may have caused.”
“We are committed to doing everything possible to prevent a recurrence. Cybersecurity is a growing challenge for businesses, and we are investing in proactive defences to secure your data in the future.”
Join the Discussion
You must be logged in to post a comment.