Ticketmaster has admitted that it has suffered a security breach, which the BBC understands has affected up to 40,000 UK customers.
Malicious software on third-party customer support product Inbenta Technologies caused the hack, the firm said on Twitter.
“Some personal or payment information may have been accessed by an unknown third party”, it added.
All affected customers have been contacted.
In the email to those customers, Ticketmaster said it had set up a website to answer any questions and advised them to reset their passwords. It also offered them a free 12-month identity monitoring service.
It said the breach was likely to have only affected UK customers who purchased or attempted to purchase tickets between February and 23 June 2018.
But, as a precaution, it said it had also informed international customers who had purchased or attempted to purchase tickets between September 2017 and 23 June 2018.
The company added that North American customers were not affected.
Information that may have been compromised includes names, addresses, email addresses, telephone numbers, payment details and Ticketmaster log-in details.
It said that “forensic teams and security experts are working around the clock” to understand how data was compromised.
Ticketmaster is confident it has complied with General Data Protection Regulation (GDPR) rules – acting very quickly and informing all relevant authorities, including the Information Commissioner’s office.
The UK’s National Cyber Security Centre – a division of GCHQ – said it was monitoring the situation.
“The NCSC is working with our partners to better understand the incident,” added a spokesman.
Ticketmaster’s parent, Live Nation, declared it had 86 million customers in its most recent annual report.
However, a spokeswoman was unable to break out a figure for Ticketmaster’s total number of UK clients.
One expert said members of the public should now be on the lookout for follow-up phishing scams.
“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” said Brooks Wallace from the cyber-security specialist Trusted Knight.
“If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way.”