Incident: Ticketmaster Data Breach: Malicious Software Compromises Customer Information

Published Date: 2018-06-27

Postmortem Analysis
Timeline
1. The software failure incident involving Ticketmaster occurred between September 2017 and February 2018 as per the articles [72571, 72576].
2. The incident was discovered on June 23, 2018, as mentioned in article [72572].
Therefore, the software failure incident happened between September 2017 and February 2018.

System
1. Customer support product supplied by Inbenta Technologies [72571, 72576, 72572]
2. Ticketmaster's customer support product hosted by Inbenta Technologies [72571, 72576, 72572]

Responsible Organization
1. Inbenta Technologies [72571, 72576, 72572]
2. Ticketmaster (due to the use of a customer support product supplied by Inbenta Technologies) [72571, 72576, 72572]

Impacted Organization
1. Ticketmaster customers in the UK [72571, 72576, 72572]
2. Ticketmaster customers in Australia and New Zealand [72571]
3. Ticketmaster customers globally [72572]

Software Causes
1. Malicious software embedded in a customer support product supplied by Inbenta Technologies [72571, 72576, 72572]
2. Data breach involving the use of malicious software to steal personal and payment information [72571, 72576, 72572]

Non-software Causes
1. Delay in disclosing the breach, as some UK banks knew about the incident since early April [72572]
2. Failure to respond promptly to warnings from Monzo about compromised cards [72572]

Impacts
1. Personal and payment information of customers, including names, addresses, email addresses, phone numbers, payment details, and Ticketmaster login details, may have been accessed by an unknown third party [72571, 72576, 72572].
2. Fraudulent transactions were reported, with fraudsters spending customers' cash on services like money transfer service Xendpay, Uber gift cards, and Netflix [72572].
3. Customers were advised to monitor their bank accounts for any irregularities and to be vigilant for potential fraud or identity theft [72571, 72576, 72572].
4. Ticketmaster offered affected customers a free 12-month identity monitoring service and set up a dedicated website for addressing questions and concerns [72576, 72572].
5. The breach affected customers who purchased or attempted to purchase tickets between specific time frames, potentially leading to concerns over delayed disclosure of the breach [72572].

Preventions
1. Implementing stricter security measures and regular security audits to detect vulnerabilities in third-party software products like the one provided by Inbenta Technologies could have prevented the software failure incident [72571, 72576, 72572].
2. Promptly addressing and acting on the warning signals from entities like Monzo, who identified a spike in frauds related to interactions with Ticketmaster, could have helped prevent the incident from escalating [72572].
3. Enhancing communication and collaboration between different stakeholders, such as banks, cybersecurity specialists, and ticketing companies, to ensure swift response and mitigation of potential breaches could have been a preventive measure [72572].

Fixes
1. Implementing stricter security measures to prevent future cyber attacks, such as regularly updating security protocols and conducting thorough security audits [72571, 72576, 72572].
2. Enhancing monitoring systems to detect any unusual activities or breaches promptly [72571, 72576, 72572].
3. Conducting thorough investigations to understand how the data was compromised and taking necessary actions to prevent similar incidents in the future [72571, 72576, 72572].
4. Collaborating with relevant authorities, credit card companies, and banks to address the aftermath of the breach and ensure customer data protection [72571, 72576, 72572].
5. Providing affected customers with identity monitoring services and support to mitigate potential risks of fraud or identity theft [72576, 72572].

References
1. Ticketmaster spokesperson [72571]
2. Ticketmaster Twitter account [72576]
3. The Guardian [72572]
4. Digital bank Monzo [72572]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- Ticketmaster experienced a security breach due to malicious software on a third-party customer support product provided by Inbenta Technologies [72571, 72576, 72572].
- This incident led to the compromise of personal and payment information of customers who purchased tickets through Ticketmaster's UK website [72571, 72576, 72572].
- The breach affected tens of thousands of customers, with less than 5% of Ticketmaster's global customer base being impacted [72571, 72576, 72572].
- Ticketmaster had faced a similar incident before, where a security breach occurred due to the same third-party customer support product [72571, 72576, 72572].
(b) The software failure incident having happened again at multiple_organization:
- The incident involving the security breach due to malicious software on a third-party customer support product affected not only Ticketmaster but also other UK websites owned by Ticketmaster, including TicketWeb and Get Me In! [72572].
- The breach also raised concerns about potential fraud or identity theft for customers who purchased tickets between February and June 2018 [72572].
- Digital bank Monzo identified a spike in fraud cases related to Ticketmaster interactions and warned about a significant data breach at Ticketmaster, indicating a broader impact beyond just Ticketmaster customers [72572].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase was due to the malicious software embedded in a customer support product supplied by Inbenta Technologies. This software was responsible for accessing customers' personal or payment information, leading to a data breach affecting thousands of Ticketmaster customers [72571, 72576, 72572].
(b) The software failure incident related to the operation phase was due to the misuse of customers' data by an unknown hacker who gained unauthorized access to Ticketmaster's systems through the malicious software. This misuse resulted in fraudulent transactions and potential identity theft for the affected customers [72571, 72576, 72572].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system:
- The software failure incident involving Ticketmaster was caused by malicious software embedded in a customer support product hosted by Inbenta Technologies, which was a third-party supplier [72571, 72576, 72572].
- Ticketmaster discovered that the malware on the customer support product was exporting UK customers' data to an unknown third party, resulting in the unauthorized access to customers' personal and payment information [72572].
- Ticketmaster had interactions with Inbenta Technologies to handle customer support, and this interaction led to the compromise of customer data [72571, 72576, 72572].
(b) outside_system:
- The software failure incident was triggered by a cyber attack on Ticketmaster's operations in Britain, indicating an external threat [72571].
- The breach involved malicious software used to steal customers' data, suggesting an external source exploiting vulnerabilities in the system [72572].
- The breach was not limited to the UK, as customers in Australia and New Zealand were also affected, highlighting the global reach of the incident [72571].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The software failure incident involving Ticketmaster was caused by malicious software embedded in a customer support product supplied by Inbenta Technologies, an external third-party supplier [72571, 72576, 72572].
- The malicious software led to the unauthorized access of customers' personal or payment information by an unknown third party [72571, 72576, 72572].
(b) The software failure incident occurring due to human actions:
- Monzo, a digital bank, identified a spike in frauds in April and found that every customer who lost money had interacted with Ticketmaster, indicating a potential data breach [72572].
- Monzo contacted Ticketmaster on 12 April to report the issue but faced challenges in getting a response from the company [72572].
- Ticketmaster faced criticism for potential delays in disclosing the breach, as some UK banks had known about the incident since early April [72572].

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident related to hardware:
- The software failure incident reported in the articles was not attributed to hardware issues. The incident was primarily caused by malicious software used in a customer support product supplied by another company, Inbenta Technologies, which led to the data breach affecting Ticketmaster customers [72571, 72576, 72572].
(b) The software failure incident related to software:
- The software failure incident was directly linked to software issues. Malicious software embedded in a customer support product provided by Inbenta Technologies was the root cause of the data breach that impacted Ticketmaster customers [72571, 72576, 72572].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident related to the Ticketmaster breach was malicious in nature. The incident involved a cyber attack where malicious software was embedded in a customer support product supplied by Inbenta Technologies, leading to unauthorized access to customers' personal and payment information by an unknown hacker [72571, 72576, 72572].
(b) The incident was not non-malicious: it was caused not by accidental errors or system faults but by the intentional actions of a third-party hacker who exploited the software vulnerability to steal data [72571, 72576, 72572].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The software failure incident related to the Ticketmaster data breach was primarily due to poor_decisions. Ticketmaster's decision to use a customer support product from Inbenta Technologies, which was later found to have malicious software embedded in it, contributed to the breach [72571, 72576, 72572]. Additionally, there were concerns raised about a potential delay in disclosing the breach, as some UK banks had known about the incident since early April [72572].
(b) The software failure incident also involved accidental_decisions. Monzo, a digital bank, identified the link between fraud cases and interactions with Ticketmaster in April but faced challenges in getting Ticketmaster to address the issue promptly [72572]. This delay in taking action despite being alerted to the problem could be considered an accidental decision that contributed to the impact of the breach.

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident related to development incompetence is evident in the articles through the use of a customer support product supplied by Inbenta Technologies. Ticketmaster discovered that malicious software had been embedded in this third-party product, leading to the compromise of customers' personal and payment information [72571, 72576, 72572]. This incident highlights a failure in the development process where the software integrated from a third-party supplier contained vulnerabilities that were exploited by hackers.
(b) The software failure incident related to accidental factors is seen in the breach caused by the malicious software on the third-party customer support product. Ticketmaster stated that some personal or payment information may have been accessed by an unknown third party due to this accidental breach [72571, 72576, 72572]. The breach was not intentional but occurred as a result of the software vulnerability introduced accidentally, leading to unauthorized access to sensitive customer data.

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident in the articles appears to be temporary. The incident was caused by malicious software embedded in a customer support product supplied by Inbenta Technologies, affecting Ticketmaster's operations in the UK [72571, 72576, 72572]. The breach was discovered on June 23, 2018, and Ticketmaster took immediate action to inform affected customers, set up a website for inquiries, advised password resets, and offered identity monitoring services. Forensic teams and security experts are actively working to understand how the data was compromised, indicating ongoing efforts to address the issue.

Category: Behaviour
Option: omission, value, other
Rationale:
(a) crash: The software failure incident in the articles does not specifically mention a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The incident involves a failure where the system omits to perform its intended functions at an instance(s) due to malicious software on a third-party customer support product causing a hack [72571, 72576, 72572].
(c) timing: The incident does not involve a failure where the system performs its intended functions correctly, but too late or too early.
(d) value: The failure involves the system performing its intended functions incorrectly, leading to the compromise of personal or payment information of customers [72571, 72576, 72572].
(e) byzantine: The incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The software failure incident involves a breach where malicious software led to the unauthorized access of customer data, indicating a security vulnerability in the system [72571, 72576, 72572].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category: Consequence
Option: property, theoretical_consequence
Rationale:
The consequence of the software failure incident was related to property [72571, 72576, 72572]. The software failure incident led to the compromise of personal and payment information of customers, including names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details. This breach resulted in potential financial harm to the affected individuals, as fraudsters were able to make unauthorized transactions using the stolen data. Customers were advised to monitor their accounts for evidence of fraud or identity theft and to contact their banks and credit card companies if they noticed any suspicious activity. Additionally, Ticketmaster offered affected customers a free 12-month identity monitoring service to mitigate the impact of the breach.

Category: Domain
Option: entertainment
Rationale:
(a) The failed system was related to the entertainment industry, specifically ticket selling for events such as concerts, theatre, and sporting events. The incident involved Ticketmaster, a global ticketing group, where malicious software on a third-party customer support product led to a data breach affecting tens of thousands of customers who purchased tickets between certain periods [72571, 72576, 72572].
