Ticketmaster security breach
CGTN Europe interviews Graeme Stewart, Head of UK Public Sector at Check Point Software
Category
🗞
NewsTranscript
00:00 The personal details of over half a billion people could have been compromised following a security breach on the ticketing website Ticketmaster.
00:10 Australia is investigating claims the site was targeted by professional hacking group Shiny Hunters.
00:16 It's believed to have been behind a string of other high profile attacks.
00:20 This follows the US Department of Justice beginning an antitrust lawsuit into Ticketmaster, accusing it and its owner, concert promoter Live Nation, of monopolising the market.
00:31 Joining me now is Graham Stewart, head of UK Public Sector at Checkpoint Software.
00:36 Graham, not a great week for Ticketmaster, but let's focus on this data breach.
00:41 For the consumer, 560 million of them worldwide, the breach apparently leaked full names and addresses and part credit card details.
00:52 How damaging could that be for individuals? How could that info be used?
00:59 Well, the way to think of this is in terms of quantity versus quality.
01:04 So what you have here, if I had your email address, I could send you an annoying email.
01:09 If I have your email address, your mobile phone number, your home address, then suddenly that gives me scope for doing things that are far worse.
01:18 So you then multiply that up by the volume and all of a sudden this has, you know, quite, becomes very problematic to say the least.
01:27 And, you know, has implications for what someone could do, use that data for to actually go after these people again.
01:35 We see more and more of these breaches. And what I don't understand, Ticketmaster is an absolutely massive company.
01:42 How is such a massive company with surely millions and millions to spend on data protection being made so vulnerable?
01:51 And I think the key way to think about this is there's been lots of very large organisations all around the world that have suffered a breach like this and have been hacked.
02:02 And the way to think of it is, is these are very large organisations, very complex organisation handling vast amounts of data.
02:09 And typically the failure comes from one of three places. People, process, technology.
02:15 So typically somebody somewhere has been tricked into doing something or has done something inadvertent.
02:22 And that's been one of the causes. The process is that there's been a problem with governance.
02:27 There's been a problem with the rules that they've not actually been set properly or followed properly. And that's led to a problem.
02:33 The other piece is technology. So if you think of this in terms of something like AI, AI was science fiction five years ago and is now commonplace.
02:42 And we'll talk about it. We will use it the whole time. Cybersecurity is the same thing.
02:47 It's moving at a very fast pace of the defence technologies that you put in place.
02:52 You need to stay on top of these things. So you really do need to have the best cyber security technology in place that you can.
02:59 And then adapt these to the organisation to make sure you fend off these attacks.
03:03 But very, very unusually would it be just one of those things.
03:08 So that with this people process technology really caught an organisation gets.
03:12 It puts the consumer in a really difficult position because you go to a big online company feeling safe.
03:19 Ticketmaster, you feel safe. You're not dealing with some half known company.
03:24 What can you as an individual do even when doing online business with a big company that should be totally safe to protect yourself and your data?
03:33 So there's some general rules you need to apply. The general rule you need to apply when dealing with anybody, someone big, someone small on the Internet is you need to be suspicious.
03:44 OK, so make sure you use strong passwords when you log into websites. Don't reuse them.
03:49 OK, so make sure you're using a strong password, a different one every single time.
03:55 Use things like two factor authentication. So when the banks, when the website sends you a link to send you a request for a text message on your mobile phone to authenticate the transaction.
04:06 Make sure that's switched on. Really, really important. Something I do every day.
04:11 Look at your bank statements. Most of us have got banking apps. Now look at your bank statements and look for weird transactions.
04:18 OK, because and that's the way you keep a track on these things.
04:23 So, you know, everyone will see things coming through. If you don't recognise the transaction, phone the bank.
04:29 OK, get in touch with them. And 99 times out of 100, it's something that's been worded differently.
04:34 But you'll know. Be really cautious about any email that comes in with links that you don't like the look of.
04:43 If the wording is strange, if the grammar is strange, be really suspicious.
04:48 OK, don't click on things. The other thing is when the website says, would you like to save your credit card details for a faster transaction next time?
04:58 No, don't do that. Every time you make a transaction, you should be putting your card details in every single time.
05:05 Don't save your details. The minimum amount of information you can provide to an organisation.
05:10 And I'm not saying it's that, you know, that these are bad organisations, but protect yourself.
05:15 Think of it in terms of how you would go shopping. You wouldn't leave your credit card with your supermarket and go,
05:20 would you just hang on to this till I come in next time, please? Be suspicious.
05:24 Conduct business with an air of suspicion on the Internet.
05:28 All right. Be suspicious. We got it. Important advice. Thank you very much.
05:32 Graham Stewart, head of UK public sector at Checkpoint Software.