The irony of TicketMaster's breach notification email


TicketMaster has joined the long list of companies to lose their customers' information. As is common, they sent out an email to warn poor sods like me who might have had our details snaffled.

Their email is particularly poor and contains a delightful example of how not to communicate issues like this. See if you can spot it:

What is Ticketmaster doing to protect customers? We have been working with industry-leading cybersecurity experts, the relevant authorities, including law enforcement, as well as credit card companies and banks. No further unauthorised activity has been seen in the cloud database since we began our investigation. We are offering you a free 12-month identity monitoring service with TransUnion. These services will be provided by Cyberscout, a TransUnion company specialising in fraud assistance and remediation services. You can sign up for this service through the following link: https://bit.ly/TU-sign-up What can I do? There is nothing you need to do. However, exposure of personal information can, in some cases, increase the risk of identity theft or fraud, so it’s always a good idea to monitor your bank accounts. If you notice any suspicious activity, contact your bank and/or credit card companies. Be cautious of unsolicited emails from unknown senders, especially those with unusual content, links, attachments, or requests for personal information over the phone. If you have any questions, you can visit https://bit.ly/Ticketmaster-Data-Security-Incident or contact us at ticketmastersupport@ticketmaster.com. Ticketmaster understands the importance of your personal information and we take its protection very seriously. We apologise for having to write to you in these circumstances.

In the same breath as warning their customers to look out for suspicious links in emails, they include two obfuscated Bit.ly links!

Anyone can create a Bit.ly link and give it any name.

For example - https://bit.ly/TicketMaster-DataSecurity-Incident.

I've written many times before about Bit.ly and why you should not use it. It stops users understanding where they're going, it trains users to ignore what a link says, it exposes your users to unwanted tracking, and it puts your links under the control of a 3rd party.

If you are ever confronted with a Bit.ly link, add a + to the end of it to see its destination - for example https://bit.ly/TU-sign-up+.

Companies need to do much better. Professional crisis communications writers need to understand the Internet and how to foster a culture of security.


Share this post on…

  • Mastodon
  • Facebook
  • LinkedIn
  • BlueSky
  • Threads
  • Reddit
  • HackerNews
  • Lobsters
  • WhatsApp
  • Telegram

4 thoughts on “The irony of TicketMaster's breach notification email”

  1. pirnz says:

    Here is a 12-month identity monitoring service, and just in case, monitor your bank account. But really, there's nothing you have to do 🙂

    Reply

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.

Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">