Ticketmaster has admitted that it has suffered a security breach, which the BBC understands has affected up to 40,000 UK customers.
Malicious software on third-party customer support product Inbenta Technologies caused the hack, the firm said on Twitter.
“Some personal or payment information may have been accessed by an unknown third party”, it added.
All affected customers have been contacted.
In the email to those customers, Ticketmaster said it had set up a website to answer any questions and advised them to reset their passwords. It also offered them a free 12-month identity monitoring service.
It said the breach is likely to have only affected UK customers who purchased or attempted to purchase tickets between February and 23 June 2018 but, as a precaution, it has also informed international customers who purchased or attempted to purchase tickets between September 2017 and 23 June 2018.
The company added that North American customers were not affected.
Information that may have been compromised includes names, addresses, email addresses, telephone numbers, payment details and Ticketmaster log-in details.
It said that “forensic teams and security experts are working around the clock” to understand how data was compromised.
Ticketmaster is confident it has complied with General Data Protection Regulation (GDPR) rules – acting very quickly and informing all relevant authorities, including the Information Commissioner’s office.