Ticketmaster has reported that it has “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.” As a result, UK customers who bought theater, concert or sporting event tickets between February and June 23, 2018, may have been affected by the breach. The malware deployed was designed to steal customers’ names, email addresses, telephone numbers, payment details, addresses, and Ticketmaster login information.

The malware also affected two other UK websites owned by Ticketmaster—TicketWeb and Get Me In!

Ticketmaster has warned its customers that they could be at risk of identity theft and fraud. It has been reported that up to 40,000 UK customers have been affected by the incident.

Although Ticketmaster insists that North American customers were not affected by the incident, it is recommending that ALL Ticketmaster customers reset their password.