Following a cyber-attack on the Ticketmaster website in 2018, the company Ticketmaster UK has been fined £1.25m by the Information Commissioner’s Office (ICO) for not managing to keep its customers’ personal data safe.
The ICO declared that personal information and payment details were possibly stolen from nine million customers all around Europe due to the attack. An investigation was put into place, leading to the findings of a vulnerability in a third-party chatbot built by Inbenta Technologies on the Ticketmaster online payment page. It seems that the cybercriminals used the chatbot to access the customers’ details.
Due to the attack, around 60.000 users were victims of the fraud and many had had their payment cards replaced.
The Commonwealth Bank of Australia, Barclaycard, Mastercard, and American Express had apparently tried to warn Ticketmaster of the suspected attack, but the company took nine weeks to begin monitoring activity on its payment page. If it had done it earlier, the risk of attacks would have been dramatically reduced. Because of it, millions of people were victims of fraud.
Ever since the attack happened, Ticketmaster said to have offered its full cooperation to the ICO and are planning to appeal against the ruling. However, the law firm Keller Lenkner is determined to pursue legal action against Ticketmaster on behalf of the victims.