ICO Hits Ticketmaster With £1.2m Data Breach Fine

The Information Commissioner’s Office (ICO) continues to take no prisoners with handing out stiff financial penalties for data breaches.

The latest recipient is Ticketmaster UK, after the ICO announced it was fining “Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure.”

It comes after the ICO last month lowered its fine for Marriott data breach to £18.4m, down from a £99 million fine issued last year.

Data breach fine

The stiff financial penalty against Ticketmaster was because “the ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

It said Ticketmaster’s failure to protect customer information was a breach of the General Data Protection Regulation (GDPR).

The data breach, which included names, payment card numbers, expiry dates and CVV numbers, potentially affected 9.4million of Ticketmaster’s customers across Europe including 1.5million in the UK.

Investigators found that, as a result of the breach, 60,000 payment cards belonging to Barclays Bank customers had been subjected to known fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

But really sealed Ticketmaster’s fine was the ICO had found the firm had failed to assess the risks of using a chat-bot on its payment page; failed to identify and implement appropriate security measures to negate the risks; and failed to identify the source of suggested fraudulent activity in a timely manner.

“When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not,” explained James Dipple-Johnstone, Deputy Commissioner.

“Ticketmaster should have done more to reduce the risk of a cyber-attack,” said Dipple-Johnstone. “Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.”

“The £1.25milllion fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda,” he added.

Ticketmaster appeal

The ICO noted that it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page.

Ticketmaster has said it would appeal against the fine.

“Ticketmaster takes fans’ data privacy and trust very seriously,” the firm was quoted by the BBC as saying.

“Since Inbenta Technologies was breached in 2018, we have offered our full cooperation to the ICO. We plan to appeal [against] today’s announcement.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Signal Shows Data Collection Adverts Facebook Rejected

Signal has had user-targetted adverts on Instagram blocked, as messaging service attempts to highlight Facebook…

4 hours ago

Oversight Board Upholds Trump’s Facebook Suspension

Bad news for Donald. Facebook's 'Supreme Court' upholds suspension of Donald Trump account, but asks…

5 hours ago

US Presses TSMC For More Chips For Car Makers

Global silicon shortage continues, as US Commerce Department presses Taiwanese chipmakers to ease the supply…

6 hours ago

Starlink Signs Up 500,000 Pre-Orders For Satellite Internet

Elon Musk space venture SpaceX has already signed 500,000 customers on pre-order for its Starlink…

8 hours ago

Apple Vs Epic Games Court Battle Continues

Second day of courtroom showdown in the US reveals Epic Games management would have accepted…

10 hours ago

Trump Launches ‘Communications’ Website

Banned from social media for instigating US Capitol riot, Trump launches 'straight from the desk'…

12 hours ago