fbpx

Get powers over 5,000 organisations/community leaders providing event tickets, merchandise and membership commerce in over 20+ currencies, 5+ languages and across 5 countries for a brilliant and diverse range of use-cases and interest categories of all sizes.

This page contains updates related to a recent alleged data breach on our systems. We are sorry for this incident and Get truly appreciates the positive messages of support from the fantastic individuals and organisations in our community. This gives us the drive to continue improving our service.

14th October 2019 – 5:00pm AEDT

In recent weeks, Get has undertaken a careful and thorough investigation and assessment to understand the true nature and extent of the alleged data breach. Our response has encompassed liaison with the Office of the Australian Information Commissioner (OAIC) and the engagement of third-party IT security expertise.

Get recently became aware of a vulnerability in our systems where for a brief period, contact information including names, phone numbers and email addresses for some individuals could have been exposed. No personal financial information (e.g. credit card information), is stored by Get.   

Get acted quickly to secure its systems and this has since allowed us to obtain an independent security certificate identifying no current security risks. There is no current evidence of any information from our systems being posted online, however to minimise the risk of harm to any individual and in line with regulatory requirements, we are sending an email to individuals who may be impacted covering the important steps they can take in the unlikely event that they receive any unsolicited, suspicious emails, calls or texts.

Get’s actions to secure its IT systems and reduce the risk of harm to individuals has included:

  • – Within a short time period, addressing the vulnerability by tokenising specific API calls and removing the data fields in question, as well as checking and securing all other endpoints by masking sensitive data
  • – Engaging third-party cyber-security experts to conduct an audit, perform additional penetration testing and support our internal team, including reviewing their work and advising on improvements to our IT system security. This has allowed us to subsequently obtain an independent security certificate identifying zero security risk findings.
  • – Monitoring our website, platform, emails, social and customer support channels for suspicious activity
  • – Rate-limiting access to deny abuse and/or rainbow attacks on the system
  • – Removing some older and non-critical product functions
  • – Monitoring the internet for dumps of information from our platform 
  • – Reminding individuals of the important steps they can take in the unlikely event that any unsolicited, suspicious emails, calls or texts are received.

Whilst we are aware of inconsistent and at times inaccurate information published on online forums and in the press, we will continue to limit public comment in order to prioritise our support for organisations and individuals who use our platform.

Get can be contacted through [email protected] in relation to this matter and asks that any correspondence you receive from third-parties in relation to this matter is forwarded to this address.

If you would like to learn more about ways to stay safe online and reverse the threat of cybercrime, please visit: https://www.staysmartonline.gov.au/

8th October 2019 – 11:14pm AEDT

Get has significantly progressed its investigations over the long weekend and is working with external IT expertise to conclude the remaining stages of its assessment and response to the incident. We maintain that a heightened degree of caution should be exercised in relation to any suspicious or unusual phone calls, text messages, or emails from unknown sources.

4th October 2019 – 11:55am AEST

Get’s investigations into the alleged data breach have continued in earnest over the past week and will continue to do so over the coming weekend.  We are employing considerable resources to our thorough investigation of the matter, which will continue as long as is necessary for a comprehensive solution to be reached. The next of these updates will be provided after the weekend.  We continue to recommend that users of our platform should be alert to any phone calls, text messages, or emails from unknown sources.

3rd October 2019 – 3:15pm AEST

Get would like to again thank everyone for their patience and continued support during this time with respect to our ongoing investigation. Our priority is to effectively and comprehensively respond to this situation. We continue to recommend that at this time users should exercise heightened caution in relation to any phone calls, text messages, or emails from unknown sources. 

2nd October 2019 – 4:21pm AEST

Get is continuing engagement with appropriate external professional services to ensure its investigation is thorough and actions are fully appropriate to the circumstances at hand. Get remains committed to compliance with its obligations under Australian law in this matter and will continue engagement with the Office of the Australian Information Commissioner. Users of our platform should remain alert to any phone calls, text messages, or emails from unknown sources at this time.

1st October 2019 – 5:15pm AEST

In accordance with Get’s continuing position on the alleged data breach, our thorough investigations in the matter are continuing. Get’s staff and external experts are working towards completion of these investigations and Get remains committed to compliance with its obligations under Australian law in this matter. We continue to recommend that at this time users should exercise heightened caution in relation to any phone calls, text messages, or emails from unknown sources. 

30th September 2019 – 7:44pm AEST

Get has over the past weekend and will this week be continuing its thorough investigations into the alleged data breach with the support of external expertise. Get will continue to comply with all relevant obligations under Australian law in relation to this matter and the investigations will remain ongoing for as long as necessary.  We continue to recommend that at this time users should continue to be alert to any phone calls, text messages, or emails from unknown sources. 

27th September 2019 – 4:55pm AEST

Get’s investigations into the alleged data breach will continue over the coming weekend. Get is committed to finalising our investigative efforts and reaching an adequate resolution to this matter as soon as possible. Unless any specific matters develop further over the weekend, the next of these updates will be provided on Monday, 30th September.  However, due to the serious nature of this matter, we recommend that at this time users of our platform should be alert to any phone calls, text messages, or emails from unknown sources at this time. 

26th September 2019 – 5:10pm AEST

Get would like to thank everyone for their patience and continued support during this time with respect to our ongoing investigation. Get is continuing engagement with appropriate external professional services to ensure its actions are thorough and fully appropriate to the circumstances at hand. Again, Get will comply with all relevant obligations under Australian law in relation to this matter. Our recommendation continues regarding users exercising caution in relation to any phone calls, text messages, or emails from unknown sources.

25th September 2019 – 5:12pm AEST

Get’s investigations into the alleged data breach are continuing.  Consistent with our previous statements, this work will continue for as long as is necessary to achieve a comprehensive resolution to the matter.  Get will also comply with all relevant obligations under Australian law in relation to this matter.   We continue to recommend that users of our platform be alert to any phone calls, text messages, or emails from unknown sources at this time.

24th September 2019 – 5:06pm AEST

In the past 24 hours and in accordance with Get’s continuing position on the alleged data breach, our thorough investigations in the matter are continuing. Get’s staff and external experts are working towards completion of these investigations as expeditiously but comprehensively as possible.  Get remains committed to compliance with its obligations under Australian law in this matter and will continue engagement with the Office of the Australian Information Commissioner. We continue to recommend that at this time users should exercise heightened caution in relation to any phone calls, text messages, or emails from unknown sources. 

23rd September 2019 – 5:13pm AEST

Over the past weekend Get has continued its thorough investigations into the alleged data breach with support from external expertise. Get is committed to finalising these investigative efforts and reaching an adequate resolution to this matter as soon as possible. We continue to recommend that at this time users should be alert to any phone calls, text messages, or emails from unknown sources.

20th September 2019 – 4:09pm AEST

Get’s investigations into the alleged data breach have continued in earnest over the past week and will continue to do so over the coming weekend.  It is anticipated that we will be in a position to review initial results of these investigative efforts in the near future. Unless any specific matters develop further over the weekend, the next of these updates will be provided on Monday, 23 September.  However, due to the serious nature of this matter, we recommend that at this time users of our platform should be alert to any phone calls, text messages, or emails from unknown sources at this time.

19th September 2019 – 4:01pm AEST

Get remains committed to furthering its investigations into the alleged data breach.  In collaboration with external expertise, Get has significantly progressed in this matter in the time since the incident occurred.  We also emphasise that Get has also secured its IT systems. Furthermore, Get repeats that it will fully comply with its obligations under Australian law in this matter. Whilst this process remains ongoing, Get advises that users should remain aware and cautious of any phone calls, text messages, or emails received from unknown sources.

18th September 2019 – 5:25pm AEST

In accordance with Get’s continuing position on the alleged data breach, our thorough investigations in the matter are continuing.  Get’s staff and external experts are working towards completion of these investigations as expeditiously but comprehensively as possible.  Get also remains committed to compliance with its obligations under Australian law in this matter.  We continue to recommend that at this time users should exercise heightened caution in relation to any phone calls, text messages, or emails from unknown sources.

17th September 2019 – 5:25pm AEST

Get’s investigations into the alleged data breach remain active and continuing.  They will continue for as long as necessary to reach an adequate resolution to this matter.  Get also remains committed to compliance with its obligations under Australian law in this matter.  Get remains unaware of any specific instances where users’ data has been obtained or used by external actors.  However, our recommendation continues regarding users exercising caution in relation to any phone calls, text messages, or emails from unknown sources.

16th September 2019 – 9:00pm AEST

Over the past weekend Get has furthered its investigations into the alleged data breach, including through collaboration with external IT expertise.  These investigations involve the consideration of large volumes of information, however will remain ongoing for as long as necessary to reach an adequate resolution to this matter.  Get has also made initial contact with the Office of the Australian Information Commissioner and will continue this engagement in full compliance with Australian law.  At this time, Get has not yet been made aware of any specific instances where users’ data has been obtained or used by external actors.  However, we recommend that users of our platform should continue to be alert to any phone calls, text messages, or emails from unknown sources.

13th September 2019 – 1:15pm AEST 

In the past 24 hours Get has further advanced its investigations into the alleged data breach.  We are employing considerable resources to our thorough investigation of the matter, which will continue as long as is necessary for a comprehensive solution to be reached. Unless any specific matters develop further over the weekend, the next of these updates will be provided on Monday, 16 September.  We recommend that at this time users of our platform should be alert to any phone calls, text messages, or emails from unknown sources.

12th September 2019 – 1:15pm AEST

Get is continuing its active approach to addressing the alleged data breach.  Our priority is to effectively and comprehensively respond to this situation. We will fully comply with all relevant legal obligations in the circumstances and constructively engage with the relevant authorities.  Get is also progressing its investigations into this incident through use of both internal and external resources and expertise.  We recommend that users of our platform remain vigilant to any suspicious contact and communications, if received, at this time.

11th September 2019 – 1:31pm AEST

Get is continuing its investigations into the alleged data breach.  We are working continuously to undertake a comprehensive response to this matter, which we are taking with the utmost seriousness.  In this regard, Get is engaging appropriate external professional services to ensure its actions are thorough and fully appropriate to the circumstances at hand.  Get will fully comply with relevant regulatory and law enforcement obligations and associated agencies.   In the meantime, users of our platform should, as always, remain wary of any unusual phone calls, text messages or emails.

10th September 2019 – 1:44pm AEST

Get is continuing its thorough investigations into the alleged data breach. We appreciate the patience of our partner clubs, many of whom we have been in open and honest communication with over the previous days. Should we discover that any data was obtained from our database we will contact affected individuals.  In the meantime, users of our platform should, as always, remain wary of any unusual phone calls, text messages or emails.

9th September 2019 – 2:39pm AEST

Get advises that its services continue to be active and organisations who have events and other sales occurring on the platform can continue. We are continuing our investigations and will provide a further update when it becomes available.

8th September 2019 – 3:45pm AEST

On Friday evening (6th September) a number of organisations which use our platform were alerted to a potential vulnerability in our systems. An article was shared (which was quickly removed) detailing how data could be obtained from our platform. 

We became aware of this on Saturday (7th September) and have spent the last 24 hours investigating the claims.

Our engineering teams immediately acted by: 

  • 1) Addressing the potential vulnerability: Our API calls were checked and tokenised to ensure subsequent data security. 
  • 2) Communication with organisations: Began communicating directly with organisations who use our platform about the actions we are taking in response.
  • 3) Further Review: Began review of all API calls to further determine if unauthorised access had occurred prior (1), and if be, what data had been accessed.

If we become aware of any specific information which has been compromised we will notify the organisations, their members and report a breach. No personal payment information is stored in Get’s databases and payments are processed by a secure third party payment processor, responsible for many of the world’s online transactions.

Further updates will be provided via this page within 24 hours or when more information becomes available.