That's not how it works
"there was no evidence that the issue originated with Ticketmaster."
It's your customers entering data into your system on your website in order to use your services, interacting with third parties contracted and approved by you. The exact details of the specific company name on the payslip of the person who wrote the specific bit of code at the root of the problem are not relevant. Blaming a third party doesn't get you off the hook, it just makes things look even worse since it demonstrates that not only did you let your site get compromised, but you were also clearly incapable of understanding how your own site works or auditing it properly when alerted to a problem.