Australia’s Department of Home Affairs says it is working with Ticketmaster after hackers allegedly stole personal details of more than half a billion customers.
The ShinyHunters hacking group is reportedly demanding a $500,000 (£400,000) ransom payment to prevent the information being sold to other parties.
Australia said it was aware of a breach and was “working with Ticketmaster to understand the incident”.
The American website Ticketmaster, one of the largest online ticket sales platforms in the world, has yet to confirm whether it has experienced a security breach.
Reports suggest a group of hackers gained access to the names, addresses, phone numbers and the partial payment details of 560 million Ticketmaster customers worldwide.
The FBI has offered assistance to Australian authorities.
ShinyHunters has been linked to a string of high-profile data breaches resulting in millions of dollars in losses to the companies involved.
In 2021 the group sold a genuine database of stolen information from 70 million customers of US telecoms firm AT&T.
In September last year, almost 200,000 Pizza Hut Customers in Australia had their data breached.
This latest alleged hack coincides with the relaunch of BreachForums, a site on the dark web where other hackers buy and sell stolen material, and information to enable hacks to take place.
The FBI cracked down on the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has reappeared, according to tech media.
Users of the forums often inflate the scale of their hacking to attract attention from other hackers.
They are often where large stolen databases first appear but can also feature false allegations and claims.
“If Ticketmaster has had a breach of this scale it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches – so people should not be overly concerned until a breach is confirmed,” says security researcher Kevin Beaumont.
Individuals declaring large batches of data in the past have proven to be duplicates of previous hacks rather than newly stolen information.
But if verified, the hack could be the most significant breach ever in terms of numbers and the extent of the data stolen.
This is not the first time Ticketmaster has been hit with security issues.
In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine.
In November it was allegedly hit by a cyber attack which led to problems selling tickets for Taylor Swift’s Era’s tour.
Earlier this month, US regulators sued Live Nation, Ticketmaster’s parent company, accusing the entertainment giant of using illegal tactics to maintain a monopoly over the live music industry.
The lawsuit from the Department of Justice said the firm’s practices had kept out competitors, and led to higher ticket prices and worse service for customers.
The BBC has contacted Live Nation for comment.