After a massive data breach, my credit card info was shared with hackers. Here’s what I did next.

Like many blissfully unaware Canadians, I never thought I would be the target of credit card fraud — until I discovered unrecognizable charges on my Visa last month.
In the middle of June, I woke up to a notification from my banking app: Someone had tried signing in around 3 a.m. I tapped the “That wasn’t me” option, changed my password and locked my credit card immediately. Then I checked my most recent transactions, and my stomach sank. There were 12 transactions ranging from $4.45 to $8.90 for Apple Mobile in Tokyo.
I called my bank right away to report the fraudulent charges (which can also be done online) and cancelled my Visa card. I also reset my online banking password. But I couldn’t understand how this happened. I am as careful as possible with my credit card information.
Then on July 8, I was one of many North Americans who received a notice from Ticketmaster: “We are writing to notify you of a data security incident that may have involved your personal information,” it said. The email went on to explain that the company discovered an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider between April 2 and May 18. On May 23, Ticketmaster determined that some of my personal information may have been affected. I recalled the fraudulent charges and suddenly, it all made sense.
A quick Google News search shows that I was one of possibly millions of Ticketmaster customers worldwide whose information was leaked.
As shocked as I was that my data had leaked, $62.30 in charges from Tokyo didn’t seem like a huge deal — until Jeff Horncastle, acting client and communications outreach officer for the Canadian Anti-Fraud Centre (CAFC), informed me that I was actually a victim of identity theft.
Credit card fraud falls under identity fraud, which is on the rise: In 2023, Horncastle says, 18 percent of reports received were linked to identity fraud, with more than 11,000 victims. Between January and the end of June this year, Canadians have lost $284 million. Considering that the CAFC estimates only five to 10 percent of fraud is reported, these figures are alarming.
When someone’s personal information is stolen or compromised (which can happen through volunteering personal information to scammers over the phone, phishing emails, a stolen wallet or a data breach), they become a victim of identity theft.
“Identity fraud occurs when the fraudster takes that information that they gathered or bought on the dark web and use that information to apply for credit cards, cell phones, etc.,” Horncastle says.
Payment card industry (PCI) compliance is very strong in North America, so it’s shocking that hackers were able to extract card numbers, says Alex Wilkins, president of Wilkins IT Solutions Inc. in Oshawa.
“You expect a multi billion-dollar company like Ticketmaster to hold your credit card data properly,” Wilkins says. Yet data breaches are on the rise, which is why cyber security is more important than ever.
It’s crucial to have your own personal safety practices, including passwords, data and storage. The biggest step you can take to protect yourself is have unique passwords. Horncastle says that when you use the same password for all of your accounts, they’re all at risk of being compromised.
“In this day and age, there is no explanation for having the same password on more than one website,” Wilkins says, adding that you shouldn’t know any of your passwords off the top of your head.
Invest in a proper password manager (not the Notes app in your phone, Wilkins clarifies) that’s encrypted and provides high-grade security. Most password manager tools have suggesters built in, so they’ll generate secure passwords for you.
“I know my password to get into my password manager, and I don’t know any other passwords,” Wilkins says. At the very least, create a passphrase using three or four unique words that have no relation to each other (for example, “battery horse door”).
The second biggest step you can take to protect yourself online is setting up two-factor (or multi-factor) authentication everywhere you can, says Wilkins. This requires a second step where you may be required to approve an online banking sign-in via your phone’s banking app, for example. As an additional failsafe, you can set up alerts on most banking apps so that you receive a push notification any time a withdrawal, transfer or deposit is made.
I had previously set up two-factor authentication for my online banking, which is why I was notified that someone tried accessing my account while I was asleep. That prompted me to look at my credit card transactions.
Horncastle also recommends thoroughly reviewing your banking transactions on a regular basis and keeping a close eye on credit card statements.
Credit card companies also offer additional security services for an extra layer of charge protection.
“We’re committed to fighting fraud,” says Maryam Saeed, head of risk for Visa Canada. “Visa has invested over $10 billion globally in cutting edge technology over the past five years, and a lot of it is around identifying and getting ahead of fraudsters.” She adds that Visa cardholders are protected from unauthorized charges through the company’s zero liability policy.
If you receive a notice that your information was compromised in a data breach, you’re also a victim of identity theft, and it’s crucial to take steps to protect your identity beyond notifying your bank.
Contact both credit bureaus, Equifax and TransUnion, to put a fraud alert on your file with them. That way, “if anybody tries to apply for a new credit card with your information, they’ll reach out to you to verify.”
Notify all of your financial institutions, credit card companies and government agencies including Service Canada and the Canada Revenue Agency that your credit card information has been compromised and that you’re at risk of identity fraud so you can protect those accounts as well.
As part of its efforts to make amends, Ticketmaster is offering a free 12-month credit or identity monitoring service through TransUnion Canada to affected customers. This service looks out for personal data on the dark web and provides alerts if any is found, along with fraud assistance and remediation services. I signed up right away.
TransUnion Canada also recommends ordering your credit report at least once a year and Horncastle says it’s a good idea to look them over carefully.
My next step is to report what happened in June to the local police and the Canadian Anti-Fraud Centre. “People may not think that there’s a point in reporting,” Horncastle says, but “the CAFC collects and shares information Canadian and international law enforcement (a lot of fraud comes from outside of Canada).” Between 2021 and 2023, more than $6 million were recovered with CAFC assistance. You can report fraud to the CAFC through its website or by calling 1-888-495-8501.
Many folks who are scammed may feel embarrassed or ashamed, but sharing your story can help others — especially loved ones who may be vulnerable, says Horncastle.
“The CAFC, law enforcement and government agencies all share prevention messaging, but unfortunately it doesn’t get to everyone,” he says. “We encourage Canadians to share prevention messaging. Even one simple tip can go a long way.”