What to Expect in the Aftermath of Ticketmaster’s Data Breach

If the ShinyHunter’s breach is confirmed and Ticketmaster’s data is ultimately distributed, online fraud attacks will almost certainly increase.

For consumers, the feeling you experience when learning your personal data was stolen during a data breach is often just the start. Data breaches more often than not lead to additional fraud. Depending on the type of data stolen, we expect to see an increase in unauthorized account access or account takeovers, identity fraud, and financial fraud. Consumers that have had payment information exposed in these types of breaches have about a 25 percent higher chance of seeing unauthorized credit card charges than those who have not.

While the magnitude of the reported breach at Ticketmaster is staggering, such cyber-heists are becoming increasingly common — and they increasingly provide the raw materials for sophisticated criminal rings that rely on e-commerce fraud as a major revenue stream.

“The repercussions could last for months or even years, especially with the rise of sleeper accounts,” Signifyd Senior Risk Intelligence Manager Xavier Sheikrojan said of large breaches such as the reported Ticketmaster theft. “These accounts, created using stolen details, initially make small, credible orders to avoid detection, only to escalate to larger abuses later.”

As e-commerce has become a bigger segment of retail sales overall, online fraud has grown at an accelerating rate. Organized criminal fraud has increasingly become industrialized, growing in size and sophistication. Signifyd has seen the effects of that in large, relatively new criminal operations in Southeast Asia. One fraud ring in the region placed an estimated $1.4 billion in fraudulent e-commerce orders across the U.S. during the 2023 holiday season, according to a Signifyd analysis.

Meanwhile, fraud pressure on Signifyd’s Commerce Network of thousands of merchants is up 10 percent year-over-year. Fraud pressure measures the increase or decrease in the value of the goods and services targeted by fraudulent orders on Signifyd’s network.

Aside from providing the raw material for future fraud attacks, reports of the Ticketmaster attack could push merchants to overcompensate to avoid fraudulent orders. False declines — i.e., turning down legitimate orders for fear of fraud — can be more costly than fraud itself. During the 2023 holiday season, U.S. merchants turned away as much as $25 billion in legitimate orders for fear of fraud, according to a Signifyd analysis.

Consumers who believe their personal information may have been compromised in any data breach should keep a close eye on their credit card and other payment accounts. Placing a credit freeze through the major credit bureaus is a good idea in general, as is practicing good password hygiene by developing strong passwords, not reusing them and changing them on a regular basis.

Those curious about whether any of their passwords are at risk can find a comprehensive, though not complete, index of compromised passwords at I have been pwned.

Michael Pezely is the senior director of risk intelligence at Signifyd, an e-commerce fraud protection platform.