600M records exposed in Ticketmaster, Santander breaches: a timeline so far

Catherine Chipeta

Two global companies, digital ticketing giant Ticketmaster and leading commercial bank Santander, were hit by major data breaches that appear to be linked to cyber attacks targeting the same cloud data platform, Snowflake. As the source of the breach remains unclear – Snowflake denies a breach – the damage is likely far from over.

With 590 million data records exposed between the two incidents, these recent breaches serve as a stark reminder for finance leaders that security threats lurking in your software supply chain can often prove the most deadly, giving rise to financial scams in the aftermath.

How did these breaches happen?

Ticketmaster and Santander were both victims of third-party data breaches. This type of security incident occurs when a third party handling or storing data on behalf of a company (often a software provider) is compromised, exposing the target company’s data.

While the root cause of these security incidents remains unconfirmed, the common link between Ticketmaster and Santander is clear. With Snowflake’s customer list boasting the likes of Adobe, Canva, and Mastercard, cybercriminals could be sitting on even larger caches of compromised data yet to be reported.

Santander, Ticketmaster, and Snowflake breach timeline

14 May, 2024

Santander releases a company statement reporting unauthorised access to one of its databases “hosted by a third-party provider,” but the third party remains unnamed.

27 May, 2024

A post from a recently registered account appears on Russian cybercrime forum Exploit, advertising 1.3 TB of Ticketmaster data, including more than 560 million people’s information, for US$500,000. Compromised data allegedly includes names, addresses, email addresses, phone numbers, credit card details, ticket purchase histories, and more. The same advertisement appeared on rival dark web marketplace BreachForums a day later.

30 May, 2024

ShinyHunters, the hacking group responsible for the recent US telecom AT&T data breach, claims to be selling Santander customer details and staff information totalling 30 million records, with a US$2 million price tag.

31 May, 2024

Ticketmaster’s parent company, Live Nation, confirms “unauthorized activity within a third-party cloud database environment containing Company data” and the alleged appearance of “Company user data for sale via the dark web,” pending further investigation, in a securities filing dating back to 20 May 2024.

1 June, 2024

The Australian Cyber Security Centre (ACSC) releases a high-alert advisory recommending Snowflake customers enable MFA, disable unused accounts, and investigate unusual user activity.

2 June, 2024

Snowflake acknowledges a potentially “targeted threat campaign against some Snowflake customer accounts” but denies wrongdoing, having “not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

3 June, 2024

CISA publishes a cybersecurity advisory alert recommending Snowflake customers take steps to identify unusual activity and conduct further analysis to prevent unauthorised access.

More to come.

What does this mean for AP teams?

Large-scale data breaches are known to increase scam activity – oftentimes months after the initial attack occurs. Take, for instance, the Medibank data breach that was linked to 11,000+ other cyber incidents earlier this year. With close to 600 million sensitive data records allegedly in the hands of cybercriminals, AP teams should brace themselves for heightened suspicious activity.

Potential risks to prepare for include:

  • Financial fraud and account takeovers enabled by compromised customer data
  • Business email compromise (BEC) scams exploiting exposed details
  • Misdirected payments to fraudsters impersonating legitimate suppliers
  • Regulatory penalties for lack of payment verification and know-your-customer (KYC) controls

How AP teams can defend against post-breach scams

When a data breach occurs, AP teams need to stay informed on the latest updates to ensure they’re on guard during periods of heightened suspicious activity. They should also undergo routine training and awareness programs to ensure adequate financial controls are in place to identify and intercept scam attempts in their tracks.
