ICO Issues a Substantial Fine in Connection with a Third-Party Vendor Data Breach - Clarip Privacy Blog


The U.K.’s Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.  The fine on Ticketmaster follows fines recently levied by the ICO on British Airways and Marriott in connection with their respective data breaches.

The Ticketmaster fine also arose from a breach, which began in February of 2018 and included customers’ names, payment card numbers, expiration dates and CVV numbers.  The breach potentially affected 9.4 million of Ticketmaster’s customers across Europe, including 1.5 million in the U.K.

The ICO concluded that a third-party-hosted chat-bot on Ticketmaster’s online payment page allowed an attacker to access the company’s customers’ financial details. The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on the bot. Furthermore, the company failed to identify the breach in a timely manner, even after a number of financial organizations reported suggestions of fraud to Ticketmaster. Overall, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page.

As a result of the breach, 60,000 payment cards belonging to Barclays Bank customers were subjected to fraud. An additional 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

According to some estimates, more than half of data breaches are linked to third-party providers, and the number continues to rise. Businesses must continuously assess the risks of their third-party vendor partners in light of the potential for personal information leaks in this area. Furthermore, it is imperative for organizations to promptly investigate and respond in cases of suspected data breaches to minimize the loss of data and potential fines down the road.
