Ticketmaster fined £1.25m for 2018 cyberattack
More than 9 million people may have been affected, the regulator says
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Ticketmaster has received a £1.25m fine from the UK data regulator for failing to implement security measures to prevent a 2018 cyberattack that exposed millions to potential fraud.
The Information Commissioner's Office (ICO) personal found that information and payment details may have been stolen from more than 9 million customers in Europe, including 1.5 million in the UK.
The attack on the ticket sales and distribution site took place through a chatbot on its online payment page when a hacker used the bot access customer payment details.
At the time the company said malware on a third-party customer support software was behind the attack.
Some 60,000 Barclays Bank customers suffered fraud as a result of the security breach, while Monzo Bank sent out 6,000 replacement cards after suspicions of fraud.
Ticketmaster said it will appeal the fine, which was reduced by £250,000 due to the financial hit of the coronavirus pandemic.
Despite warnings from several banks, it took the website nine weeks to begin monitoring activity on its payments page, the ICO said.
James Dipple-Johnstone, ICO deputy commissioner, said: "When customers handed over their personal details, they expected Ticketmaster to look after them. But they did not.
"Ticketmaster should have done more to reduce the risk of a cyberattack.
“Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.”
A spokesperson for the company said: "Ticketmaster takes fans' data privacy and trust very seriously.
“Since Inbenta Technologies was breached in 2018, we have offered our full cooperation to the ICO. We plan to appeal today’s announcement.”
Malicious software was found inside third-party software created by Inbenta Technologies but running on Ticketmaster's site, the latter firm admitted in 2018, adding that customers’ “personal or payment information may have been accessed” by unknown figures over a period of months.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments