Ticketmaster fined £1.25 million as multi-party action progresses to disclosure
November 17, 2020
The Information Commissioner’s Office (ICO) has fined Ticketmaster £1.25 million for failing to protect customers’ payment details.
Commenting on developments, Gareth Shires said:
“This fine issued by the ICO has significant implications for our multi-party action against Ticketmaster UK Limited.
“The ICO has confirmed that Ticketmaster’s actions constituted a serious failure to comply with the General Data Protection Regulation (‘GDPR’). Ticketmaster placed a chat-bot on its online payment page into which an attacker was able to insert malicious code that collected data inputted by customers.
“The ICO found that Ticketmaster failed to assess the risks of using a chat-bot on its payment page, failed to discharge its obligations to meet industry standards, failed to identify and implement appropriate security measures to negate the risks, and failed to identify the source of suggested fraudulent activity in a timely manner.
“Our multi-party action against Ticketmaster is now progressing to disclosure, and the insights provided by the ICO report will no doubt assist in that process.”
Kingsley Hayes, head of data breach and cybercrime at Keller Lenkner UK, said:
“This has been long awaited following Ticketmaster’s data breach which started in February 2018 and continued for several months. While this is a significant financial penalty, it should be noted that the ICO has to take the economic impact of the pandemic into consideration therefore, Ticketmaster’s fine today is significantly less than it would have been in ordinary circumstances.
“The breach has been identified as being caused by a third-party chat bot facility used on its payments page. While several banks tried to alert Ticketmaster of potential fraud, it took an unacceptable nine weeks for action to be taken exposing an estimated 1.5 million UK customers – details included bank information.
“Keller Lenkner UK is currently at an advanced stage of a High Court action against Ticketmaster on behalf of thousands of affected customers with the effects of the breach causing actual, and potential, financial harm and psychological damage.”