November 16 2020

Ticketmaster Hit With £1.25m GDPR Fine Over Data Breach

Mahmoudat Sanni-Oba | News | Data Breach, GDPR Fine, ICO, Ticketmaster

The ICO has fined Ticketmaster £1.25 million over a data breach that happened in 2018. The cyberattack affected the payment information of more than nine million customers.

How the breach happened

A vulnerability in a third-party chatbot allowed hackers to gain access to Ticketmaster’s payment page. As a result, customers' payment details (card numbers, expiry dates and CVV numbers) were exposed.

James Dipple-Johnstone, Deputy Commissioner at the ICO, said:

"Ticketmaster should have done more to reduce the risk of a cyber-attack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud."

According to the ICO, Ticketmaster failed to do the following:

  1. Assess the risks of using a third-party chatbot on its payment page.
  2. Identify and implement the appropriate security measures to counter the risks.
  3. Identify the source of fraudulent activity in time.

Despite warnings from several financial institutions including Monzo, Barclays and AmEx, it took nine weeks for Ticketmaster to start monitoring its payment page for suspicious activity. Following the breach, 60,000 Barclays customers were victims of fraud and Monzo had to replace 6,000 payment cards over suspected fraudulent use.

With cyberattacks on the rise, third-party vendors are an easy way for hackers to gain access to your organisation’s data. Research shows that over 59% of data breaches are caused by third-party vendors. Vendors that provide email server, cloud or payment services are particularly vulnerable to attacks.

As a business, it’s your responsibility to take steps to minimise those risks. You must vet third-party vendors and check their cyber-security risk at the start of your relationship. If you didn’t do this at the outset, it’s not too late. We recommend continuously monitoring the cyber-security risks of your third-party vendors to make sure you’re not caught by surprise. To conduct a comprehensive audit, get in touch with us for our bespoke and award-winning data protection consultancy service.

If you have been affected by a data breach, read our article on the 7 things you must do straight away to protect your personal information.

The ICO issued a warning to other organisations in its statement:

"The £1.25m fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda."

Kazient Privacy Experts offers bespoke Data Protection, Privacy and GDPR compliance solutions, in a language you understand, to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.

Mahmoudat Sanni-Oba
Mahmoudat Sanni-Oba is a Data Privacy Analyst for Kazient Privacy Experts. She earned a Bachelor's degree in Accounting and Finance from LSE in 2018 and has a keen interest in technology and data protection.