You are here: Home - Household Bills - News -

Ticketmaster fined £1.25m over data breach

Written by:
Ticketmaster has been fined £1.25m after a data breach in 2018 potentially exposed the personal details of 1.5 million UK customers.

The Information Commissioner’s Office (ICO) found Ticketmaster failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

Its investigation found that the breach began in February 2018 when Monzo Bank customers reported fraudulent transactions.

This was followed by reports from Barclaycard, Mastercard and American Express which suggested the fraud was related to Ticketmaster.

However, the ICO said Ticketmaster failed to identify the problem, taking nine weeks from being alerted to possible fraud to monitoring the activity.

It was later revealed that Ticketmaster’s decision to include a chat-bot hosted by a third party on its online payment page allowed an attacker to access customers’ financial details.

Names, payment card numbers, expiry dates and CVV numbers of up to 9.4 million customers across Europe, including 1.5 million in the UK were potentially exposed.

It resulted in 60,000 payment cards belonging to Barclays Bank customers being subject to fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

The ICO said Ticketmaster failed to assess the risks of using a chat-bot on its payment page; identify and implement appropriate security measures and identify the source of suspected fraudulent activity in a timely manner.

As such, it breached the General Data Protection Regulations (GDPR).

James Dipple-Johnstone, deputy commissioner at the ICO, said: “When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not.

“Ticketmaster should have done more to reduce the risk of a cyber-attack. It’s failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.

“The £1.25milllion fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda.”

The Ticketmaster chat-bot was completely removed from its website on 23 June 2018.

A Ticketmaster spokesperson, said: “Ticketmaster takes fans’ data privacy and trust very seriously.  Since Inbenta Technologies was breached in 2018, we have offered our full co-operation to the ICO. We plan to appeal today’s announcement.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

It’s time to get your finances in shape, and moving your cash savings to a higher paying deal is a good plac...

Everything you need to know about being furloughed

Few people had heard of ‘furlough’ before March 2020, but the coronavirus pandemic thrust the idea of bein...

The experts’ guide to sorting out your personal finances in 2021

From opting to ‘low spend’ months to imposing your own ‘cooling-off period’, industry experts reveal t...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week