You are here: Home - Household Bills - News -

Ticketmaster fined £1.25m over data breach

Written by:
Ticketmaster has been fined £1.25m after a data breach in 2018 potentially exposed the personal details of 1.5 million UK customers.

The Information Commissioner’s Office (ICO) found Ticketmaster failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

Its investigation found that the breach began in February 2018 when Monzo Bank customers reported fraudulent transactions.

This was followed by reports from Barclaycard, Mastercard and American Express which suggested the fraud was related to Ticketmaster.

However, the ICO said Ticketmaster failed to identify the problem, taking nine weeks from being alerted to possible fraud to monitoring the activity.

It was later revealed that Ticketmaster’s decision to include a chat-bot hosted by a third party on its online payment page allowed an attacker to access customers’ financial details.

Names, payment card numbers, expiry dates and CVV numbers of up to 9.4 million customers across Europe, including 1.5 million in the UK were potentially exposed.

It resulted in 60,000 payment cards belonging to Barclays Bank customers being subject to fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

The ICO said Ticketmaster failed to assess the risks of using a chat-bot on its payment page; identify and implement appropriate security measures and identify the source of suspected fraudulent activity in a timely manner.

As such, it breached the General Data Protection Regulations (GDPR).

James Dipple-Johnstone, deputy commissioner at the ICO, said: “When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not.

“Ticketmaster should have done more to reduce the risk of a cyber-attack. It’s failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.

“The £1.25milllion fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda.”

The Ticketmaster chat-bot was completely removed from its website on 23 June 2018.

A Ticketmaster spokesperson, said: “Ticketmaster takes fans’ data privacy and trust very seriously.  Since Inbenta Technologies was breached in 2018, we have offered our full co-operation to the ICO. We plan to appeal today’s announcement.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Seven ways to get help with energy bills this winter

We knew today’s announcement was going to be painful, but it’s still a shock to the system. When this kick...

Flight cancelled or delayed? Your rights explained

With no sign of the problems in UK aviation easing over the peak summer period, many will worry whether holida...

Rail strikes: Your travel and refund rights

Thousands of railway workers will strike across three days this week, grinding much of the transport system to...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week