Personal details of probably thousands of people have ended up on the street due to a leak at the Ticketcounter company. It concerns names, e-mails, dates of birth, addresses and bank account numbers. Ticketcounter arranges reservations and payments on behalf of zoos, amusement parks, museums and events.
Ticketcounter was recently told by security experts that users’ data was being offered on the dark web, a part of the web that is not easily accessible. The company then discovered that a major data breach was caused by “human error”. Data that was confidential has been stored in the wrong place, says director Sjoerd Bakker.
Bakker speaks of a nightmare. He has also been extorted since Friday with requests to transfer money. “If I don’t do that, they threaten to spread the data of customers further. They wanted seven bitcoins. I have called in the police and the cyber team of the Rotterdam police is investigating. I have not paid and that is not going to happen.”
Ticketcounter customers have already informed people of the leak via e-mails and advised them to be alert for phishing. Ticketcounter says that data has been leaked from the period from mid-2017 to August 4 last year.
Ticketcounter immediately deleted the data file when it heard that the data was offered for sale. In hindsight, that was not the correct response, according to Bakker. “We could have secured the data better than we could have seen what exactly was leaked.”
“It’s the worst nightmare that can happen to you,” says Bakker. “Our business is trust, we do everything we can. We put a lot of money, energy and time into it, but those statements are worth little if such a mistake is made.”