Privacy commissioner launches investigation into Ticketmaster data breach

Will determine if company was in compliance with Personal Information Protection and Electronic Documents Act

Image | Ticketmaster Settlement

Caption: Privacy Commissioner of Canada Philippe Dufresne has launched an investigation into a cybersecurity breach at Ticketmaster in April and May. The commissioner says the firm holds the personal data of millions of Canadians. (Paul Sakuma/The Associated Press)

Canada's privacy commissioner has launched an investigation into a cybersecurity breach at Ticketmaster after an attack by a hacker group compromised the personal information of millions of customers around the world.
"The investigation will allow us to understand why this cyber incident happened and what must be done to address this situation and prevent it from happening again," Privacy Commissioner of Canada Philippe Dufresne said in a statement Wednesday.
The ticket-selling company wrote in an email to customers in early July that it discovered an "unauthorized third party" had obtained information from a cloud database hosted by a third-party company between April 2 and May 18 of this year.
The privacy commissioner's office said Ticketmaster holds the personal information of millions of Canadians.
The investigation will examine the company's security safeguards and whether it complied with breach notification requirements, the office said. It will also probe whether Ticketmaster was in compliance with the Personal Information Protection and Electronic Documents Act.

$500,000 US ransom

Earlier this month Ticketmaster told customers by email that the breach "may have included [their] name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates."
News of the breach came after a hacking group called ShinyHunters claimed it had stolen the user data of more than 500 million Ticketmaster customers and demanded a ransom of $500,000 US ($680,000 Cdn), according to media reports.
Ticketmaster says it first identified the breach on May 20.