, , ,

Ticketmaster data breach: putting GDPR to the test

data breach ticketmaster

Following the Ticketmaster data breach – where cybercriminals got away with customers’ personal and financial information- the latest data protection regulations are now being put to the test.

Unless you have been living under a rock, you will have heard about GDPR. In fact, you’re probably fed up hearing about it. But GDPR is likely to have a significant impact on the way companies handle your valuable data; with enormous fines for those that don’t look after it properly.

And, according to data protection lawyers, the Ticketmaster data breach could be a real test to see if the legislation will hold companies to account.

What happened in the Ticketmaster data breach?

Ticketmaster was affected by a substantial data protection breach after cybercriminals hacked the company’s website. Different customers had different data stolen including:

  • Financial information stolen and used. There are reports that customers of Ticketmaster have been the victims of theft, with their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among others). Anyone who has had their financial details stolen and used fraudulently could now be looking at compensation in the region of £5,000
  • Financial information stolen. Many of those affected by the Ticketmaster data breach will have had their financial details stolen but not used (at least not yet). Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss. If you had your financial details stolen during the Ticketmaster data hack, you could be looking at compensation in the region of £3,000
  • Email address stolen. If your email account has been hacked the consequences could be devastating. Again, it doesn’t matter if there is no evidence of your data being used. If the distress of having your data in the hands of cybercriminals has caused you suffering, you can make a claim. Anyone who has had their email address stolen could be looking at compensation in the region of £1,500
  • Other personal information stolen. Along with the financial info and email addresses stolen, the Ticketmaster hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. Anyone who has had their personal data stolen could be looking at compensation in the region of £500 – £1,000.


Find out more about the different types of data breaches in this case.

Ticketmaster data breach and GDPR

The Ticketmaster data breach affects up to 40,000 people who bought tickets between September 2017 and 23 June 2018. With the GDPR coming into force on May 25th 2018, this means that the breach spans two different data protection acts:

  • The Data Protection Act (DPA) 1998
  • The Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).

These acts have drastically different level of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

It is not yet clear which legislation is relevant, but the breach could be judged under both. Alternatively, the entire data protection failure could be treated as a breach under GDPR as it kept happening after the new laws came into force. If GDPR is used, the Ticketmaster data breach case will be considered a test case that is likely to set the tone for action to be taken by the ICO in future breaches.

What does this mean for you?

In truth, while data protection lawyers are eagerly waiting to see what legislation applies, for people who had had their data breached it doesn’t make much difference. Mainly because, while the ICO can impose a fine on a company, this isn’t given to victims of the data breach.

The only way for you to hold Ticketmaster to account is to make a data breach compensation claim.

At Hayes Connor Solicitors, we have already been contacted by lots of Ticketmaster customers who are worried that their data was not looked after as carefully as it should have been.

In response, we are supporting no-win, no-fee compensation claims for everyone who has had their data accessed in the Ticketmaster data breach. Depending on the numbers involved we may even start a group action against Ticketmaster.

Find out more about making a claim against Ticketmaster.

To start your compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.



0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply