The Ticketmaster data breach affects up to 40,000 people who bought tickets online between February 2018 and 23 June 2018. Ticketmaster has been found culpable for the violation and fined £1.25 million by the Information Commissioners Office (ICO) for failing to protect its customers’ payment details. And, in response, Keller Lenkner UK has launched a group action against Ticketmaster.
What do you need to know about this case?
1. You might not know that Ticketmaster breached your data
Today, because of GDPR, companies must tell people if their personal data is involved in a security breach. Ticketmaster has emailed those affected, informing them that their data was put at risk, and everyone who received this email can claim compensation.
However, in some cases, victims of the Ticketmaster breach may not have received this email. For example, it might have gone into your spam folder and been automatically deleted. If this is the case, you will need to prove that Ticketmaster compromised your data. Ticketmaster knows exactly who was impacted by this data breach and all you must do to find out if your details were exposed is to ask Ticketmaster if you were involved. The ICO provides a handy template to help you to raise any concerns about your data. You can send your Ticketmaster data request to: firstname.lastname@example.org.
2. The consequences of the Ticketmaster data breach are significant
The Ticketmaster data hack involved personal and payment information – both of which can be used to carry out data theft and financial fraud. And to date, the consequences of the Ticketmaster data breach have been substantial. Three years after the Ticketmaster security breach, many of our clients have suffered multiple fraudulent transactions on their payment cards and/or distress and/or psychological trauma as a direct result of the breach.
3. None of the ICO fine will go towards victims of this breach
The UK’s data protection regulator – the Information Commissioner’s Office (ICO) – has already found Ticketmaster to be in breach of its data protection obligations and has fined the business as a result. But any money received by the ICO goes back to the Treasury, not victims of the data breach. The only way UK victims of the Ticketmaster data breach can get compensation for any harm and/or distress experienced is to take legal action.
4. Ticketmaster ignored warnings that its systems were compromised
While Ticketmaster reported the issue to the Information Commissioner’s Office (ICO), which it is required to do by law, we now know that the company was alerted to the breach in early April 2018 but failed to do anything about it.
According to online bank Monzo, it warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. But, in responding to the bank’s concerns, Ticketmaster said: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”
5. You won’t destroy Ticketmaster for making a data breach claim
Some people are wary about making a data breach claim because they do not want to harm the organisation that breached their data. However, in a world that is increasingly digital, cyber-attacks are going to happen. So, organisations such as Ticketmaster usually take out insurance to cover the risk of cybercrime. As such, people should feel confident holding Ticketmaster to account for this appalling data protection failure.