The UK’s Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.
The ICO found that the company failed to put appropriate security measures in place in 2018 to prevent a cyberattack on a chatbot installed on its online payment page.
Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).
Miles Tappin, VP of EMEA at ThreatConnect, said: “The true impact of the 2018 Ticketmaster data breach has finally been revealed, with over nine million customers having their personal details stolen. Organisations must learn from this and act quickly to ensure their customer data remains secure in the long term.
“Not doing the basics leaves the door open for cybercriminals. Organisations must understand the importance of fostering a culture of security to make better decisions and mitigate increasingly sophisticated and complex cyber threats. It’s vital that organisations begin to quantify the risks available to them, asking themselves how likely am I going to get attacked and how damaging will it be to their overall infrastructure? Organisations will then be able to prioritise how best to protect their customers, helping security teams focus on the most important tasks at hand.”