The U.K.’s Information Commissioner’s Office (ICO) recently fined ticketing website Ticketmaster £1.25 million ($1.65 million) following a data breach in 2018. The privacy watchdog claimed that Ticketmaster failed to protect its customers’ private information and violated the GDPR. Hackers installed malicious software onto the customer support chat-bot on Ticketmaster’s online payment page to pilfer sensitive and financial data from more than 9.4 million customers in Europe and 1.5 million in the U.K.
The incident affected customers who purchased or attempted to purchase tickets between February and June 23, 2018, as well as international customers who purchased or attempted to purchase tickets between September 2017 and June 23, 2018.
The ICO’s investigation found the data breach compromised customer names, payment card numbers, expiry dates, and CVV numbers. In addition, over 60,000 payment cards belonging to Barclays Bank customers were subjected to known fraud, and 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use as a result of the data breach.
The ICO found that Ticketmaster failed to:
- Assess the risks of using a chat-bot on its payment page
- Identify and implement appropriate security measures to negate the risks
- Identify the source of suggested fraudulent activity in a timely manner
James Dipple-Johnstone, Deputy Commissioner, said, “When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not. Ticketmaster should have done more to reduce the risk of a cyberattack. Its failure to do so meant that millions of people in the U.K. and Europe were exposed to potential fraud. The £1.25 million fine we’ve issued today will send a message to other organizations that looking after their customers’ personal details safely should be at the top of their agenda.”
Biggest ICO Fine!
Recently, the ICO fined British Airways (BA) £20 million (approximately US$26 million) for failing to protect its customers’ sensitive information in a cyberattack in 2018. ICO’s investigation found that the airline was handling its customers’ data without adequate cybersecurity measures.