Australians are being urged to be careful in how they use the internet after Ticketek flagged a "cyber incident" that may have exposed customer details.
The ticketing company said in a statement that data from Ticketek Australia account holders stored on a cloud-based platform by a global third-party supplier had been affected.
"Since our third-party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing an investigation so that we can communicate with you as quickly as possible," Ticketek said in an email sent to some of its customers.
"The available evidence at this time indicates that, from a privacy perspective, customer names, dates of birth and email addresses may have been impacted," the company said.
Home Affairs and Cyber Security Minister Clare O'Neil said on social media platform X that the National Office of Cyber Security had been informed by Ticketek Australia that "data belonging to their customers has been stolen".
"I'd ask Australians to be especially vigilant and on the lookout for scams during a time like this," O'Neil wrote.
"In a breach like this, Australians need to be aware of scams including phishing emails.
"Data breaches are becoming more common — in Australia and around the world. That means that we all have to be more careful in how we use the Internet."
The National Cyber Security Coordinator said the Australian Signals Directorate and the Australian Federal Police were also aware of the incident.
In response to the breach and the rise in cyber attacks, coalition frontbencher Dan Tehan said the government needs to keep evolving data protection laws to keep Australians safe.
"We need the government working with these companies to help and support them, but also these companies, owe it to the Australian people that they're doing everything they can to keep their data safe," he said.
Ticketek is one of Australia's largest ticket outlets. It handled ticketing for Taylor Swift's recent Australian tour. Source: AAP / Rounak Amini
"If it requires us looking at steeper penalties, so that (companies) undertake that responsibility seriously, then yes, we should look at that," he said.
"The problem is it's innocent Australians, who ultimately, in the end, pay the price if their data isn't protected."
Under laws passed in 2023, in response to a wave of high-profile data attacks like Medibank and Optus, companies can face penalties of up to $50 million for serious, repeat breaches.
Earlier this week, the Department of Home Affairs reportedly said it was working with Ticketmaster — a rival ticketing firm — regarding an apparent cybersecurity incident.
