Ticketmaster facing High Court action following ICO fine

Ticketmaster has been issued a £1.2 million fine by the UK's Information Commissioner's Office (ICO) after it failed to properly protect its customers' data during a breach that occurred over two years ago. 

The fine was issued after the company was found to be in breach of the EU's General Data Protection Regulation (GDPR) – for failing to implement appropriate security on a chatbot that appeared on its payment page.

The cyberattack was found to be subject to substantial fines due to the fact that the data protection legislation came into effect on May 25 of the same year. 

The severe data breach, which affected up to 9.4m Ticketmaster customers in Europe – 1.5m of them from the UK – resulted in hackers stealing highly sensitive personal information including names, credit and debit card numbers, expiry dates, and the CVV numbers from the back of those cards.

This data could be used to engage in fraud and secondary attacks such as phishing and ID fraud. and, following the cyberattack, 60,000 Barclays Bank customers are thought to have become victims of fraud. 

The massive cyberattack was first noticed by Monzo customers back in February 2018. At that time, consumers began reporting fraudulent transaction in their accounts.

Following those reports, the Commonwealth Bank of Australia, Barclaycard, American Express, and Mastercard all reported signs of fraudulent activity to the American ticket sales and distribution company. Despite this, the company failed to act.

Keller Lenkner UK, the law firm currently in the advanced stages of a High Court action against Ticketmaster on behalf of the thousands of UK consumers affected by the breach told ProPrivacy.com.

The breach has been identified as being caused by a third-party chat bot facility used on its payments page. While several banks tried to alert Ticketmaster of potential fraud, it took an unacceptable nine weeks for action to be taken exposing an estimated 1.5 million UK customers - details included bank information.

Keller Lenkner

According to the ICO, Ticketmaster has been issued the fine for failing to:

  • Assess the risks of using a chat-bot on its payment page
  • Identify and implement appropriate security measures to negate the risks
  • Identify the source of suggested fraudulent activity in a timely manner

James Dipple-Johnstone, deputy commissioner at the ICO, commented:

Ticketmaster should have done more to reduce the risk of a cyber-attack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.

Kingsley Hayes, head of data breach and cybercrime at Keller Lenkner UK,  was quick to point out that the fine received by Ticketmaster is comparatively low:

This has been long awaited following Ticketmaster’s data breach which started in February 2018 and continued for several months. While this is a significant financial penalty, we should note it that the ICO has to take the economic impact of the pandemic into consideration therefore, Ticketmaster's fine today is significantly less than it would have been in ordinary circumstances.

Keller Lenkner

Keller Lenkner will now push on with its legal action against Ticketmaster, in the hopes of winning damages for thousands of Brits affected by the cyberattack.

Keller Lenkner UK is currently at an advanced stage of a High Court action against Ticketmaster on behalf of thousands of affected customers with the effects of the breach causing actual, and potential, financial harm and psychological damage.

Keller Lenkner

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

0 Comments

There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy