At Keller Lenkner UK, our expert data breach lawyers are pursuing a group action claim against Ticketmaster following its 2018 data breach. But, with the privacy failure taking place over two years ago, why is the investigation taking so long? Here are our thoughts on the Ticketmaster data breach delay…
Ticketmaster is refusing to accept any blame for the data hack
The Ticketmaster data breach happened when hackers gained access to thousands of Ticketmaster customer details via chatbot software hosted by Inbenta Technologies. It was this software that was compromised in the data breach incident. As such, Ticketmaster claims that all responsibility for the data breach rests with Inbenta.
However, Inbenta has refuted that it is responsible. It admits that it supplied the code accessed in the Ticketmaster hack, but says that it did not know Ticketmaster planned to use it on a payment page. If it had been told that its product was going to be used that way, Inbenta states that it would have advised against it.
The fact that a third-party is involved in this breach does complicate matters. But it doesn’t mean that Ticketmaster wasn’t to blame. Ticketmaster is the company responsible for the security of the data it collects (e.g. customer names, payment card details, etc.). As such, it was responsible for making sure that adequate checks and processes were in place when it came to any third-party integration. So, implicating Inbenta as the one responsible seems both dishonest and legally neither here nor there.
In our expert opinion, Ticketmaster is attempting to using Inbenta as a scapegoat for this breach. And in doing so, is letting customers down.
The ICO is delaying its decisions
In group action cases, there is only so much that can be done until the UK’s data protection regulator (the ICO) has carried out its investigation into a breach and announced its findings. And, despite our frustration at the wait, that’s as it should be. It’s important to know the extent of any security failures before reparation can be properly discussed.
But despite our understanding of the ICO and its processes, we are concerned about the time some decisions are taking. And this includes the Ticketmaster data hack group action.
One possible reason for the ICO’s delay when it comes to Ticketmaster is that this case is legally very challenging. The Ticketmaster data breach affects people who bought tickets between September 2017 and 23 June 2018. With the GDPR coming into force on May 25th, 2018, the violation spans two different data protection acts:
- The Data Protection Act (DPA) 1998
- The Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).
These acts have drastically different level of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).
It is not yet clear which legislation is relevant, but the breach could be judged under both. Alternatively, the entire data protection failure could be treated as a breach under GDPR as it kept happening after the new laws came into force. If GDPR is used, the Ticketmaster data breach case will set the tone for action to be taken by the ICO in future breaches. So, it is understandable why the ICO needs time to get its decision right.
However, we are concerned about the Ticketmaster data breach delay, and in particular, the time it is taking the ICO to reach a decision. And we encourage anyone affected by this data breach to contact the regulator to share their frustrations about the delay.
The case is technically complicated, so the Ticketmaster data breach delay is expected
Our case against Ticketmaster is well underway and has moved through the document stage of litigation to the exchange of evidence stage and we are doing everything we can to keep things moving forward. However, the court recently gave both sides until April 2021 to produce their disclosure documents (evidence). This is because the court acknowledges that the Ticketmaster data breach case is very complex and technical.
You can still join our Ticketmaster group action
Despite the Ticketmaster data breach delay, at Keller Lenkner UK, our expert data protection lawyers are working hard to help victims of the hack to claim compensation. We’ve talked to hundreds of people who have been affected by this shocking privacy breach, and our compensation claim on behalf of hundreds of claimants is now in progress. But you can still join our fight against the ticketing giant.
Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers.