Ticketek Breach: Cloud Supplier Implicated Millions Exposed In late May 2024 Ticketek Australia a major player in the event ticketing world announced a significant data breach that exposed the personal information of potentially millions of its customers. The initial revelation pointed to a compromise within a cloud-based platform hosted by a “reputable global third-party supplier ” immediately highlighting the pervasive risks associated with third-party vendor security. While Ticketek itself wasn’t directly hacked the incident has thrown a harsh spotlight on the interconnectedness of digital services and the cascading impact when one link in the chain breaks. The critical moment of discovery appears to have been a notification from this third-party supplier. Subsequently a notorious threat actor known as ‘Sp1d3r’ listed a massive database purportedly from TEG Ticketek’s parent company for sale on a cybercrime forum. This leak which the hacker claimed contained data from up to 30 million TEG users – including names dates of birth email addresses and hashed passwords – is widely believed to originate from Ticketek. Investigations suggest a possible link to a broader campaign targeting users of Snowflake a cloud data warehousing firm although Ticketek has not officially confirmed this connection. The attackers seem to have exploited stolen customer credentials some possibly obtained years ago through unrelated malware campaigns to access the database. Ticketek owned by TEG Pty Ltd is a prominent ticketing company for entertainment and sporting events across Australia and New Zealand selling millions of tickets annually. Founded in 1990 it has a long history in the industry and manages ticketing for major venues. Breach Unveiled: A Timeline

Late May 2024:, Ticketek announces it has become aware of a cyber incident impacting Australian account holder information stored on a third-party cloud platform. Minister for Cyber Security Clare O’Neil describes it as “potentially affecting many Australians.” May 31 2024: Ticketek’s parent company TEG posts a confirmation of the incident. June 1 2024: Ticketek begins emailing Australian customers informing them that names dates of birth and email addresses were likely exposed. June 2024 (undisclosed date): A hacker ‘Sp1d3r’ advertises a database allegedly from TEG containing details of up to 30 million users for sale on a cybercrime forum for $45 000 (US$30 000). The hacker provides a sample of over 200 individuals’ data. June 19 2024: The NSW Government acknowledges the Ticketek data breach. June 24 2024: Reports emerge detailing the hacker’s attempt to sell the data with security firm HackManac suggesting a “probable Snowflake-related data breach.” June 28 2024: Ticketek provides an update stating it has sought and been granted an injunction to prevent the dissemination of the impacted data. Troy Hunt’s “Have I Been Pwned” platform lists 17.6 million unique email addresses linked to the breach. July 17 2024: The NSW Government provides an update on its assistance in the response to the breach. 2025.

Ticketek’s Response Under Scrutiny In the aftermath of the breach Ticketek initiated several actions. The company publicly acknowledged the incident and began notifying potentially affected individuals via email and through its website. Ticketek reassured customers that its own systems for password encryption and online payment processing were not compromised as these are separate and employ secure encryption methods. The company emphasized that it does not hold identity documents for its customers. An investigation was launched and Ticketek stated it was cooperating with authorities including the Australian Cyber Security Centre (ACSC) the Office of the Australian Information Commissioner (OAIC) and the National Office of Cyber Security. As part of its recent response Ticketek successfully sought an injunction to prevent any third party from accessing disseminating or publishing the exposed data. The company has also been urging customers to remain vigilant against potential scams and social engineering attempts as there are reports of third parties contacting customers about their compromised information. For ongoing support while a dedicated hotline is set to close in May 2025 an email address (cybersafe@ticketek.com.au) will remain available for inquiries related to the breach. The ongoing investigation will be crucial in determining the full scope of the exposed information and the long-term implications for affected individuals, potentially leading to discussions around a settlement or lawsuit if negligence is established.