Central Tickets, a seat-filling ticket agency launched in 2017, suffered a major data breach over the summer.
As a result, Central Tickets has recommended users reset their passwords after personal information was accessed by hackers.
Chief executive Lee McIntosh sent out an email warning customers about the breach and to offer the company’s apologies. McIntosh also confirmed that the breach occurred in a staging database, hosted on a separate server, due to unauthorised access by a threat actor.
He explained: “This staging environment, used solely for testing purposes, is isolated from our main website and app. The breach, which occurred on 1st July, 2024, exposed various Personal Identifiable Information (PII) belonging to some of our members.
“On 11th September, 2024, the Metropolitan Police informed us of chatter on the dark web indicating that a breach may have occurred. Prior to this, we had no knowledge or indication that our systems had been compromised. The initial police report did not include specific details or sources, making it difficult to verify the situation immediately, as we had no direct visibility of the data involved.”
Central Tickets then reported the breach to the Information Commissioner’s Office (ICO) on September 13, which is required by law. The business then engaged a Crest-accredited Cyber Incident Response (CIR) team to investigate the breach.
After a report was delivered following the investigation, Central Tickets confirmed that the data obtained included first and last names, email addresses, mobile numbers, hashed passwords and IP addresses.
“The most likely risks involve phishing attempts. We urge you to remain vigilant and monitor your accounts closely and be cautious of any suspicious calls, emails, texts, or websites that could be phishing or scams,” added McIntosh.
Central Tickets has taken a number of steps to secure customers’ data following the breach including locking down the compromised staging database and its environment, implementing a forced password reset for members, conducting a comprehensive audit of its IT infrastructure, enhancing overall security measures, and engaging with an external provider for regular security audits.
“We are committed to doing everything possible to prevent a recurrence. Cybersecurity is a growing challenge for businesses, and we are investing in proactive defences to secure your data in the future,” added McIntosh.
Share this