Ticketmaster is fined 1.39 million euros after data breach – Computer – News

Ticket sales service Ticketmaster has been fined 1.39 million euros in England for violating the privacy law. The service was hacked in 2018. The British privacy regulator says that Ticketmaster had bad security.

The fine comes from the Information Commissioner’s Office, the British privacy regulator comparable to the Dutch Data Protection Authority. Which has to the UK branch of Ticketmaster a fine of 1.25 million pounds imposed, converted 1.39 million euros. The hack shows poor security, according to the ICO, and Ticketmaster violated the GDPR.

The data breach at Ticketmaster took place in February 2018, when the website warned some of the customers already before the data breach. Hackers would infiltrated the website with the Magecart malware, a well-known credit card skimmer. This was done via a chatbot on the Ticketmaster site. That chatbot came from an external supplier. The data breach stole data from an estimated 9.4 million European users. This included credit card details including CVV codes. 1.5 million victims came from the United Kingdom.

The ICO concludes in his report that Ticketmaster fell short on several points. The company did not foresee the risk of the presence of a chatbot on the payment page, and had not set up specific security measures for this. Ticketmaster also realized too late that a theft was taking place. The company did not start monitoring network traffic on the payment page until nine weeks after the first signals. Under European privacy law, it is a requirement that companies have adequate data security for personal data.

“When customers passed on their personal data, they expected Ticketmaster to handle it properly. But that did not happen,” writes the regulator. “Ticketmaster should have done more to reduce the risk of a cyber attack. The fact that it did not mean that millions of people are victims of potential fraud.” The regulator says that the fine ‘is a signal to other organizations’, and that they must pay close attention to the security of customer data.

The data breach started in February 2018, but the GDPR was not officially in effect at that time. The privacy law was also enforced in England only from May 25 of that year. The fine therefore applies to violations that took place from that period. Ticketmaster only took the chatbot off the site in June 2018. The ICO says it has acted on behalf of all European privacy regulators, because the violation took place while the UK was still in the European Union.

–