ICO Hits Ticketmaster With £1.2m Data Breach Fine

The Information Commissioner’s Office (ICO) continues to take no prisoners with handing out stiff financial penalties for data breaches.

The latest recipient is Ticketmaster UK, after the ICO announced it was fining “Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure.”

It comes after the ICO last month lowered its fine for Marriott data breach to £18.4m, down from a £99 million fine issued last year.

Data breach fine

The stiff financial penalty against Ticketmaster was because “the ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

It said Ticketmaster’s failure to protect customer information was a breach of the General Data Protection Regulation (GDPR).

The data breach, which included names, payment card numbers, expiry dates and CVV numbers, potentially affected 9.4million of Ticketmaster’s customers across Europe including 1.5million in the UK.

Investigators found that, as a result of the breach, 60,000 payment cards belonging to Barclays Bank customers had been subjected to known fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

But really sealed Ticketmaster’s fine was the ICO had found the firm had failed to assess the risks of using a chat-bot on its payment page; failed to identify and implement appropriate security measures to negate the risks; and failed to identify the source of suggested fraudulent activity in a timely manner.

“When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not,” explained James Dipple-Johnstone, Deputy Commissioner.

“Ticketmaster should have done more to reduce the risk of a cyber-attack,” said Dipple-Johnstone. “Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.”

“The £1.25milllion fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda,” he added.

Ticketmaster appeal

The ICO noted that it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page.

Ticketmaster has said it would appeal against the fine.

“Ticketmaster takes fans’ data privacy and trust very seriously,” the firm was quoted by the BBC as saying.

“Since Inbenta Technologies was breached in 2018, we have offered our full cooperation to the ICO. We plan to appeal [against] today’s announcement.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Brazil Unfreezes Starlink, X Bank Accounts After Funds Transfer

Judge orders X, Starlink bank accounts unfrozen after $3.3m transfer pays off fines imposed on…

15 hours ago

Uber To Offer Waymo Robotaxi Rides In Austin, Atlanta

Uber expands deal with Waymo from Phoenix to Austin, Texas and Atlanta as it faces…

15 hours ago

GenAI Shopping: Revolutionising Retail Experiences

Discover how Generative AI is transforming the retail experience with personalised interactions, AI-powered search, and…

16 hours ago

US House Passes Bill Targeting Chinese EV Battery Tech

US House of Representatives passes bill restricting tax credits for electric vehicles using battery technology…

16 hours ago

NASA Mission To Jupiter’s Europa Gets Go-Ahead

NASA to launch 'Europa Clipper' mission to Jupiter's moon Europa next month as it seeks…

16 hours ago

Police Arrest Youth Over London Transport Hack

National Crime Agency arrests 17-year-old in Walsall over hack of Transport for London that compromised…

17 hours ago