Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers

Alex Campanelli | August 3, 2018 | tag: Retail

Early last month, it was disclosed that Ticketmaster suffered a data breach through a third-party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.

This breach highlights the growing number of third-party service providers that retail and e-commerce companies rely on. This is not unique to the retail industry, as most industries rely on similar third parties across their supply chains. Some organizations have up to tens of thousands of third parties, each with a specific business function.

Retailers (including e-commerce businesses and others) face a unique challenge in relying on so many third parties: even one compromised line of code within a single third party can affect a very large number of retailers. As the old saying goes, it only takes one. The network of interdependence is clearly evidenced here by the third-party platforms and service providers through which other retailers, in addition to Ticketmaster, were compromised. These service providers include Inbenta, SocialPlus, PushAssist, CMS Clarity Connect, and Annex Cloud.

BitSight researchers looked at the number of service providers that retail companies rely on. Our data shows that for retailers with 5,000 employees or more, the median number of service providers is 52. As one might assume, the larger the retailer, the more service providers it relies on and the larger its attack surface grows.


As retailers continue to rely on an increasing number of service providers, their risk of a data breach through those third parties increases as well. BitSight Security Ratings continuously monitor and quantify the cyber risk of third parties, enabling organizations to efficiently scale their vendor risk management programs. With the rise of e-commerce, it's critical that retail organizations continuously monitor all of the third parties in their supply chain. Learn how BitSight helps retail companies manage cyber risk and continuously monitor the security posture of their third-party vendors.
