LONDON (CelebrityAccess) — UK data privacy regulator The Information Commissioner’s Office (ICO) has hit Ticketmaster UK with a £1.25million ($1.6m) for failing to adequately secure its customer’s personal data.
The ICO imposed the fine against Ticketmaster UK over a 2018 breach in which hackers used a chat bot on the company’s online payment page to gain access to sensitive information for millions of customers in the UK and Europe.
The breach began in February 2018 when several banks began reporting fraudulent transactions on customer’s cards.
Compromised data included payment card numbers, expiry dates and CVV numbers and resulted in at least 6h,000 credit and debit cards being used for fraud, the ICO said.
According to ICO, it took Ticketmaster UK nine weeks from being alerted of possible fraud to begin monitoring the network traffic through its online payment page.
The ICO leveled the fine against Ticketmaster UK for failing to identify and implement appropriate security measures, for failing to identify the source of the fraud in a timely manner and for failing to properly assess the risk of running the chat bot on their payment page.
“When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not,” James Dipple-Johnstone, ICO Deputy Commissioner said. “Ticketmaster should have done more to reduce the risk of a cyber-attack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.”
“The £1.25milllion fine we’ve issued today will send a message to other organizations that looking after their customers’ personal details safely should be at the top of their agenda,” he added.