Monzo Warned Of Ticketmaster Breach Months Before It Was Announced

One bank says it warned Ticketmaster about a malicious software breach that leaked the personal information of tens of thousands of customers months before the company alerted the public.

Last month, Ticketmaster U.K. revealed that it had identified malicious software on a customer support product, hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster. The company says less than 5 percent of its global customers have been affected. Customers in North American have not been impacted.

“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites,” the company wrote in a post. “As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third party.”

But Monzo, a mobile-only bank based in the U.K., revealed that it spotted signs of this breach back in early April and proactively replaced the cards of all Monzo customers who could have been affected as well as alerted Ticketmaster about the security issue. After 50 customers contacted the bank to report fraudulent transactions on their accounts, Monzo replaced their cards and started to investigate.

Natasha Vernier, head of financial crime for Monzo, wrote in a blog post, “Our Financial Crime and Security team noticed a pattern: 70 percent of the customers affected had used their cards with the same online merchant between December of last year and April this year. That merchant was Ticketmaster. This seemed unusual, as overall only 0.8 percent of all our customers had used Ticketmaster.”

In the following days, Monzo’s team reached out to other banks and the U.S. Secret Service to report their findings. On April 12, it reached out to members of Ticketmaster’s security team, who said they would investigate internally, but reported back to Monzo the following week that the team had found no signs of a breach.

Ticketmaster previously said that it did not identify the breach until June 23.

A Ticketmaster spokesperson said in a statement last week, according to Fortune“When a bank or credit card provider alerts us to suspicious activity, it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster.”