Royal Bank of Scotland, Natwest fling new bank cards at folks after Ticketmaster hack

Fresh plastic comes six months after ticket flogger fessed up to Magecart malware infection

The Royal Bank of Scotland and NatWest have issued customers with replacement cards as a result of last year’s Ticketmaster breach that hit around 40,000 Brits.

The banks said on social media they were swapping out the plastic used by punters on Ticketmaster's website as part of efforts to ensure “significant levels of security”.

The letter states that replacement cards are being sent to anyone who used their card at Ticketmaster, noting it is a "precaution" and that in some cases there is no indication that person's information has been accessed.

In a statement, RBS said: "Our priority is to make sure our customers' data is secure. Following the data breach disclosed by Ticketmaster, we are proactively reissuing cards to all impacted cardholders."

Ticketmaster admitted in June that its website's payment pages had become infected by Magecart malware. At the time, it blamed third-party supplier Inbenta Technologies – but that firm said the custom JavaScript it had written for Ticketmaster should not have been used on payment pages.

"Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat," said Inbenta CEO Jordi Torras.

Ticketmaster said all cards used between February and June 2018, for UK customers, and between September 2017 and June 2018, for international customers, were at risk.

Some 40,000 Brits were estimated to have been hit in the incident, which exposed people's names, addresses, email addresses and payment details.

In December, one Reg reader told us that two of his cards – both of which were linked to his Ticketmaster account – were being used for unauthorised transactions.

The decision by RBS – which is the parent company of NatWest – to replace affected customers' cards, while welcomed by customers, comes about nine months after online banking upstart Monzo took similar action.

When Ticketmaster went public, Monzo piped up to say its internal fraud detection systems had "spotted signs" as early as April, blocking a number of cards that had also been used at Ticketmaster. The firm said it told Ticketmaster and then "proactively replaced the cards of all Monzo customers who could have been affected".®

Other stories you might like

Biting the hand that feeds IT © 1998–2022