Ticketek Breach: Cloud Supplier Implicated, Millions Exposed    

In late May 2024, Ticketek Australia, a major player in the event ticketing world, announced a significant data breach that exposed the personal information of potentially millions of its customers.    
The initial revelation pointed to a compromise within a cloud-based platform hosted by a "reputable, global third-party supplier," immediately highlighting the pervasive risks associated with third-party vendor security. While Ticketek itself wasn't directly hacked, the incident has thrown a harsh spotlight on the interconnectedness of digital services and the cascading impact when one link in the chain breaks.   
    
The critical moment of discovery appears to have been a notification from this third-party supplier. Subsequently, a notorious threat actor known as 'Sp1d3r' listed a massive database purportedly from TEG, Ticketek's parent company, for sale on a cybercrime forum. This leak, which the hacker claimed contained data from up to 30 million TEG users - including names, dates of birth, email addresses, and hashed passwords - is widely believed to originate from Ticketek.    
    
Investigations suggest a possible link to a broader campaign targeting users of Snowflake, a cloud data warehousing firm, although Ticketek has not officially confirmed this connection. The attackers seem to have exploited stolen customer credentials, some possibly obtained years ago through unrelated malware campaigns, to access the database.   
    
Ticketek, owned by TEG Pty Ltd, is a prominent ticketing company for entertainment and sporting events across Australia and New Zealand, selling millions of tickets annually. Founded in 1990, it has a long history in the industry and manages ticketing for major venues.    

Breach Unveiled: A Timeline    

• Late May 2024: Ticketek announces it has become aware of a cyber incident impacting Australian account holder information stored on a third-party cloud platform. Minister for Cyber Security Clare O’Neil describes it as "potentially affecting many Australians."    
• May 31, 2024: Ticketek's parent company, TEG, posts a confirmation of the incident.    
• June 1, 2024: Ticketek begins emailing Australian customers, informing them that names, dates of birth, and email addresses were likely exposed.    
• June 2024 (undisclosed date): A hacker, 'Sp1d3r', advertises a database allegedly from TEG, containing details of up to 30 million users, for sale on a cybercrime forum for $45,000 (US$30,000). The hacker provides a sample of over 200 individuals' data.    
• June 19, 2024: The NSW Government acknowledges the Ticketek data breach.    
• June 24, 2024: Reports emerge detailing the hacker's attempt to sell the data, with security firm HackManac suggesting a "probable Snowflake-related data breach."    
• June 28, 2024: Ticketek provides an update, stating it has sought and been granted an injunction to prevent the dissemination of the impacted data. Troy Hunt's "Have I Been Pwned" platform lists 17.6 million unique email addresses linked to the breach.    
• July 17, 2024: The NSW Government provides an update on its assistance in the response to the breach.    
  2025.    

Ticketek's Response Under Scrutiny    

In the aftermath of the breach, Ticketek initiated several actions. The company publicly acknowledged the incident and began notifying potentially affected individuals via email and through its website.    
    
Ticketek reassured customers that its own systems for password encryption and online payment processing were not compromised, as these are separate and employ secure encryption methods. The company emphasized that it does not hold identity documents for its customers.   
    
An investigation was launched, and Ticketek stated it was cooperating with authorities, including the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the National Office of Cyber Security.     
As part of its recent response, Ticketek successfully sought an injunction to prevent any third party from accessing, disseminating, or publishing the exposed data.   
   
The company has also been urging customers to remain vigilant against potential scams and social engineering attempts, as there are reports of third parties contacting customers about their compromised information. For ongoing support, while a dedicated hotline is set to close in May 2025, an email address (cybersafe@ticketek.com.au) will remain available for inquiries related to the breach.   
The ongoing investigation will be crucial in determining the full scope of the exposed information and the long-term implications for affected individuals, potentially leading to discussions around a settlement or lawsuit if negligence is established.