TICKETMASTER WAS WARNED about the data breach on its systems two months ago, Monzo has claimed.
The hipster mobile-only banking service said in a blog post on Thursday that it warned Ticketmaster - which yesterday claimed it hadn't learnt of the breach until June - about a possible identity theft problem on 12 April.
Monzo spotted to notice a problem on 6 April, it says, when 50 customers got in touch with us to report fraudulent transactions on their accounts. After a closer inspection by the firm's Financial Crime and Security Team, Monzo said it became apparent that 70 per cent of affected customers had used their cards with Ticketmaster.
The firm said continued to receive similar reports, Monzo said it has since contacted around 6,000 of its customers that had ever dealt with Ticketmaster to replace their cards.
Ticketmaster, after visiting Monzo's offices on 12 April, reportedly promised to "investigate internally", and the firm later told the digital back that the investigation "found no evidence of a breach and that no other banks were reporting similar patterns."
This week, however, Ticketmaster admitted that it had fallen victim to a data breach, with the payment details of up to 40,000 UK customers potentially accessed by an unknown third party.
In an alert on its website, Ticketmaster admitted that, on Saturday 23 June - allegedly - it "identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster."
As a result of Ibenta's product running on Ticketmaster international websites - customers' personal data "may have been accessed by an unknown third party," it added, clarifying that this information includes users' names, addresses, email addresses, telephone numbers, Ticketmaster login details and, in some cases, payment details.
Affected customers include Brits who purchased, or attempted to purchase tickets between February and June 23 2018, as well as international customers who purchased, or attempted to purchase tickets between September 2017 and June 23, 2018.
Given Monzo's claims that Ticketmaster was sitting on the breach for two months, the firm could potentially face a hefty fine under the EU's new GDPR laws, that require firms to report data breaches without "undue delay, and where feasible, not later than 72 hours after having become aware of it."
The Information Commissioner's Office said it was investigating the breach. µ
Getting botter all the time
It's the best of the rest from Google's week
Just like we promised ourselves we wouldn't do again