RBS and NatWest issue new cards following hack

Tuesday, 22 January, 2019

Six months after the hack at Ticketmaster, an online ticket company, the Royal Bank of Scotland and its subsidiary NatWest have issued replacement cards to those customers affected. The breach is known to have involved the personal details of more than 40,000 people in the UK.

Writing on their social media outlets, the banks said they were replacing the cards to ensure there would be ‘significant levels of security.’

Alongside the announcement, RBS customers who had used their cards at Ticketmaster received a letter. RBS emphasised this is a precautionary measure even if there is currently no indication that an individual’s data had been illegally accessed.

We’ll soon be sending you a new debit card. We’re doing this following a data breach at Ticketmaster last year, as we know you used your debit card listed above with them.

It’s just a precaution we take for you and all customers in similar circumstances to make sure your account is safe and secure.

Our priority is to make sure our customers’ data is secure. Following the breach disclosed by Ticketmaster, we are proactively reissuing cards to all impacted cardholders.

- Company letter: RBS

Last June Ticketmaster confessed that they had been hacked after cybercriminals had installed malicious software in the company’s customer support product which was hosted by a third-party supplier, Inbenta Technologies.

According to cybersecurity firm RiskIQ, the hack was carried out by a group known as Magecart. This group was also responsible for the attacks on British Airways earlier in the year, as well as the mega hits against US retailers Home Depot and Target in 2017. It is believed the group has been operating since at least 2015.

Initially Ticketmaster blamed the breach on Inbenta, who responded saying the fault lay with Ticketmaster’s use of custom code on their payment pages.

Ticketmaster directly applied the script to its payment page, without notifying our team. Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat.

- Jordi Torras: CEO, Inbenta Technologies

Ticketmaster finally admitted that all credit and debit cards used between February and June last year for UK customers and between September 2017 and June 2018 for international customers were at risk.

Once the dust had settled it was estimated some 40,000 Brits had been directly affected and found their names, addresses, email addresses and payment details had been exposed.

While welcome by customers, the reissue of cards comes nine months after online bank Monzo took similar action after the breach. When Ticketmaster finally went public with the breach, Monzo said they had detected problems as early as April last year and subsequently blocked a number of cards using Ticketmaster. The bank said it had informed Ticketmaster immediately and then proactively replaced the cards of all their customers.

Image: Binar Schwarz Cyber

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.