Central Tickets, a discount theatre ticketing platform, has confirmed that it suffered a data breach that compromised the personal information of its users. The breach, which occurred on July 1, 2024, was only discovered in September when the Metropolitan Police alerted the company to chatter on the dark web regarding the incident. In a statement, the company clarified that the compromised data was located in a staging database used for testing purposes, separate from its main website and app, and that initial reports had overstated the number of affected users.
In his communication to customers, Chief Executive Lee McIntosh acknowledged the seriousness of the situation and expressed his unreserved apology for any distress caused. He detailed that the breach resulted in unauthorized access to certain personal identifiable information (PII) belonging to some users, including names, email addresses, mobile numbers, and hashed passwords. Upon learning of the breach, Central Tickets promptly reported the incident to the Information Commissioner’s Office (ICO) within the legally required 72-hour timeframe.
The company has taken immediate action in response to the breach. Central Tickets has locked down the affected staging database, enforced a forced password reset for all members, and conducted an audit of its IT infrastructure. McIntosh emphasized the company’s commitment to enhancing its cybersecurity measures to prevent similar incidents in the future. He stated that they are investing in proactive defenses to secure user data better and address the growing challenges of cybersecurity.
As a precaution, Central Tickets has warned customers that they may be targeted by phishing attempts due to the breach. Users are urged to remain vigilant and to closely monitor their accounts for any suspicious activity, including calls, emails, texts, or websites that may be phishing attempts or scams. The company is continuing its investigation in collaboration with an external cybersecurity team to better understand the breach’s scope and ensure the safety of its users moving forward.
