Ticketmaster fined £1.25m over customer data breach in 2018
The Information Commissioner’s Office fined Ticketmaster £1.25m for losing over a million British customers’ personal payment card details in 2018.
According to Sky News, the company said at the time that 40,000 customers’ details had been stolen by hackers and compromised. The ICO said that the true number of affected people was much larger.
The hack potentially affected 9.4m customers including 1.5m in the UK.
According to the ICO, the data breach included names, payment card numbers, expiry dates and CVV numbers.
Ticketmaster failed to "assess the risks of using a chat-bot on its payment page, identify and implement appropriate security measures to negate the risks. [and] identify the source of suggested fraudulent activity in a timely manner" according to the ICO.
It took Ticketmaster nine weeks to identify the breach.
The watchdog's deputy commissioner, James Dipple-Johnstone, said: "When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not.
"Ticketmaster should have done more to reduce the risk of a cyber-attack. It's failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.
"The £1.25m fine we've issued today will send a message to other organisations that looking after their customers' personal details safely should be at the top of their agenda."