The event giant Ticketmaster is now facing the aftermath of a cybersecurity incident that happened two years ago. The UK ICO has imposed a fine on Ticketmaster over the 2018 data breach.
Ticketmaster Data Breach Overview
In June 2018, Ticketmaster disclosed a data breach that apparently affected only 5% of customers. However, it was a serious breach since it affected both UK customers as well as international users.
Initially, the exact number of customers impacted during the incident remained unclear. The service also strived to put the blame on their chat widget powered by Inbenta Technologies.
However, Inbenta clearly explained the matter, revealing the security lapse at Ticketmaster. At the same time, a banking institution Monzo also disclosed that they had already informed Ticketmaster of the matter two months before their formal disclosure of the breach.
ICO Imposed Fine On Ticketmaster
As the investigations progressed, it became clear that Ticketmaster would have to face a fine according to the EU GDPR.
This now looks true since the UK ICO has imposed a fine of £ £1.25million ($1.65 million). According to the details, the breach affected 9.4 million customers across Europe, with 1.5 million belonging to the UK only.
Hence, the fine has been imposed as per the EU GPDR (since the breach happened before Brexit).
Although the breach began in February 2018, the penalty only relates to the breach from 25 May 2018, when new rules under the General Data Protection Regulation (GDPR) came into effect…
The breach occurred before the UK left the EU, therefore the ICO investigated on behalf of all EU authorities as lead supervisory authority under the GDPR.
Nonetheless, things still seem less harsh for Ticketmaster. It’s because the ICO has taken into account the current economic situation due to the COVID-19 pandemic.
On 7 February 2020, the ICO issued Ticketmaster UK Limited with a notice of intent to fine and received written representations in response. As part of the regulatory process, the ICO considered these and the economic impact of COVID-19 before setting the final penalty.
According to the Deputy Commissioner, James Dipple-Johnstone, this fine will serve as a lesson for other organizations. It will make them realize the importance of customers’ data security.