Ticketmaster, a popular ticketing platform, has confirmed a data breach that compromised the personal information of North American customers. The breach, which occurred between April 2 and May 18, involved unauthorized access to a cloud database hosted by a third-party data services provider.

Customers affected by the breach, numbering greater than 1,000 individuals, received notifications from Ticketmaster regarding the incident. The company stated that an unauthorized third party obtained information that may include email addresses, phone numbers, encrypted credit card details, and other personal data provided during ticket purchases.

Reports indicated that a hacking group known as ShinyHunters claimed responsibility for stealing 1.3TB of data from Ticketmaster. Despite inquiries, Ticketmaster refrained from providing detailed comments beyond referring to a support document related to the breach.

Following the breach, California residents Cynthia Ryan and Rosalia Garcia filed a lawsuit against Ticketmaster and Live Nation in May. The lawsuit alleges that the companies failed to adequately secure personal information, including names, addresses, email addresses, phone numbers, ticket sales details, and partial payment card data. The compromised data was reportedly listed for sale on the dark web.

Live Nation, Ticketmaster’s parent company, acknowledged the breach in a regulatory filing and stated that a criminal threat actor attempted to sell the stolen data on the dark web. Investigations into the breach are ongoing.

In response to the breach, Ticketmaster is offering affected customers identity monitoring services through TransUnion. Customers are advised to enroll in the service within 90 days of receiving the notification. Additionally, the company recommends that customers monitor their credit and bank accounts for any suspicious activity.