Expert Comments

Ticketmaster Fined £1.25m Over Payment Data Breach

Expert(s):
Expert(s):

The UK’s Information Commissioner’s Officer confirmed on Friday that it was fining Ticketmaster £1.25 million in relation to a data breach of the ticketing firm’s website back in 2018.

Experts Comments

Dot Your Expert Comments
Aman Johal
November 20, 2020
Lawyer and Director
Your Lawyers

Corporate responsibility when it comes to data protection must always be a top priority
The ICO’s penalty is a step in the right direction for cybersecurity accountability, and any fine issued must have a dissuasive effect and set clear precedents that breaching important data protection laws will be punished. The Ticketmaster data breach was a completely avoidable incident that impacted 1.5 million UK customers alone. Despite investigations in April 2018, Ticketmaster failed to identify the coding vulnerability for some 9 weeks thereafter. This vulnerability should not have.....Read More
The ICO’s penalty is a step in the right direction for cybersecurity accountability, and any fine issued must have a dissuasive effect and set clear precedents that breaching important data protection laws will be punished. The Ticketmaster data breach was a completely avoidable incident that impacted 1.5 million UK customers alone. Despite investigations in April 2018, Ticketmaster failed to identify the coding vulnerability for some 9 weeks thereafter. This vulnerability should not have been there in the first place, let alone neglected for so long despite the problem being raised. It should not be the case of a third-party (in this case, a bank) flagging data breaches to a business, nor is it acceptable for Ticketmaster to simply shift the blame to Inbenta as the providers of the chatbot service. The buck firmly stops with Ticketmaster; complacency is never an acceptable excuse. Corporate responsibility when it comes to data protection must always be a top priority. Importantly, consumers have every right to pursue Ticketmaster for compensation as part of a Group Action claim, and my firm continues to offer No Win, No Fee legal support to those affected. Compensation action serves to ensure justice for the victims as well as increasing the punishment for offenders, which is hugely important given that we continue to see worryingly high numbers of data breach events that affect millions of people in the UK.  Read Less
Prash Somaiya
November 18, 2020
Technical Program Manager
HackerOne

Data breaches can cost millions in damages and fines.
The ICO’s decision is evidence of the changing times. Data breaches can cost millions in damages and fines, as well as have a devastating impact on customer trust. In fact, our research has studied the costs, lawsuits and fines associated with the data breach that affected TicketMaster in 2018 and compared it to the bounty prices associated with the third-party JavaScript vulnerability that was exploited in that breach. Had the vulnerability been identified and responsibly disclosed by.....Read More
The ICO’s decision is evidence of the changing times. Data breaches can cost millions in damages and fines, as well as have a devastating impact on customer trust. In fact, our research has studied the costs, lawsuits and fines associated with the data breach that affected TicketMaster in 2018 and compared it to the bounty prices associated with the third-party JavaScript vulnerability that was exploited in that breach. Had the vulnerability been identified and responsibly disclosed by hackers as part of a bug bounty program, the organisations would have only had to pay out between £4,149 - £8,328 based on average bug bounty prices. Surely this is a small price to may when taking into account the fine now facing the company. Attack surfaces have increased as we continue to digitally transform and adapt, meaning it will always be a challenge trying to stay ahead of cybercriminals. To remain secure, organisations must identify where they are most vulnerable. By running bug bounty programs and using hackers to find the holes in their security, our customers have safely resolved over 180,000 vulnerabilities before a breach could occur. Through just an estimate of the pay-outs hackers have received for reporting similar vulnerabilities, our research highlights how companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.  Read Less
Miles Tappin
November 17, 2020
Vice President, EMEA
ThreatConnect

Organisations must learn from this and act quickly to ensure their customer data remains secure in the long term.
The true impact of the 2018 Ticketmaster data breach has finally been revealed, with over nine million customers having their personal details stolen. Organisations must learn from this and act quickly to ensure their customer data remains secure in the long term. Not doing the basics leaves the door open for cybercriminals. Organisations must understand the importance of fostering a culture of security to make better decisions and mitigate increasingly sophisticated and complex cyber threats. .....Read More
The true impact of the 2018 Ticketmaster data breach has finally been revealed, with over nine million customers having their personal details stolen. Organisations must learn from this and act quickly to ensure their customer data remains secure in the long term. Not doing the basics leaves the door open for cybercriminals. Organisations must understand the importance of fostering a culture of security to make better decisions and mitigate increasingly sophisticated and complex cyber threats. It’s vital that organisations begin to quantify the risks available to them, asking themselves how likely am I going to get attacked and how damaging will it be to their overall infrastructure. Organisations will then be able to prioritise how best to protect their customers, helping security teams focus on the most important tasks at hand. Coupling risk quantification with intelligence sharing will guarantee a united and streamlined approach to protecting customers. The more information organisations are able to discover, the better their data driven decision making process becomes – in turn minimising organisational risks. With continuous insight, there is no doubt that threats can be mitigated as organisations collect the data, connect the dots, and understand the true nature of the threats they face.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

UK Minister Raab Wakes Up to Aggressive Cyber-Attacks Targeting British...

~200K US Military Vets’ Medical Records Leaked by 3rd Pty...

Experts Responses on Verizon DBiR Findings

Expert Reaction On Researcher Proves AirTags Can Be Hacked

Babuk Ransomware Gang Again Threatens DC Police Data Release

UK Home Secretary Warns Not To Pay Out To Ransomware...

U.S. Issues Ransomware Advice For Critical Infrastructure

Android Banking Trojan- Experts Insight

TeaBot Android Bank Trojan Steals EU User Credentials

NCSC Active Cyber Defence Fourth Year Report