The UK’s Information Commissioner’s Office confirmed on Friday that it was fining Ticketmaster £1.25 million in relation to a data breach of the ticketing firm’s website back in 2018.
The ICO’s penalty is a step in the right direction for cybersecurity accountability, and any fine issued must have a dissuasive effect and set clear precedents that breaching important data protection laws will be punished.
The Ticketmaster data breach was a completely avoidable incident that impacted 1.5 million UK customers alone. Despite investigations in April 2018, Ticketmaster failed to identify the coding vulnerability for some 9 weeks thereafter. This vulnerability should not have been there in the first place, let alone neglected for so long despite the problem being raised.
It should not be the case of a third party (in this case, a bank) flagging data breaches to a business, nor is it acceptable for Ticketmaster to simply shift the blame to Inbenta as the providers of the chatbot service. The buck firmly stops with Ticketmaster; complacency is never an acceptable excuse. Corporate responsibility when it comes to data protection must always be a top priority.
Importantly, consumers have every right to pursue Ticketmaster for compensation as part of a Group Action claim, and my firm continues to offer No Win, No Fee legal support to those affected. Compensation action serves to ensure justice for the victims as well as increasing the punishment for offenders, which is hugely important given that we continue to see worryingly high numbers of data breach events that affect millions of people in the UK.
Attack surfaces have increased as we continue to digitally transform and adapt, meaning it will always be a challenge trying to stay ahead of cybercriminals. To remain secure, organisations must identify where they are most vulnerable. By running bug bounty programs and using hackers to find the holes in their security, our customers have safely resolved over 180,000 vulnerabilities before a breach could occur. Through just an estimate of the pay-outs hackers have received for reporting similar vulnerabilities, our research highlights how companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.