, ,


ticketmaster data breach

Earlier this week, Ticketmaster admitted to a huge data protection breach. The hack, which impacts thousands of people in the UK, compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. And, victims should now be looking to secure data breach compensation.

A delay in reporting

While Ticketmaster reported the issue to the Information Commissioner’s Office (ICO) – which it is required to do by law – it seems that the company was alerted to the breach back in early April, but failed to do anything about it. This delay is bound to be taken into consideration in any data breach compensation claim.

Worse, there are now reports that customers have been the victim of theft, with their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among other items). And digital bank Monzo believes that Ticketmaster is the link between these fraudulent transactions.

What happened?

According to Monzo, it warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. But, in responding to the bank’s concerns, Ticketmaster said that: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

Defending its actions at that time, Ticketmaster is now blaming third-party supplier Inbenta for the security breach. And the failure did happen after Inbenta was infected with malicious software while having access to the Ticketmaster website.

Ticketmaster maintains that: “When a bank or credit card provider alerts us to suspicious activity it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster.”

However, Inbenta has put the blame back with Ticketmaster. It claims the ticket-giant placed JavaScript on the payment pages it hosts, without Inbenta’sknowledge. It was this script that was abused by hackers. In a statement, Inbenta said: “Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability.”

With an ICO investigation now underway into the Ticketmaster data breach, whoever is to blame for this appalling data protection failure will no doubt have to pay a hefty fine. And, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

In addition to the initial negligence, Ticketmaster will also have to answer questions over why there was a delay in disclosing the breach.

What can you do to claim data breach compensation?

The data breach affects Ticketmaster, TicketWeb andthe resale website Get Me In!

UK customers who purchased, or attempted to buy, tickets between February and June 23 this year may be affected. As well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23.

Ticketmaster has said that it has informed those affected. But, while it has offered customers free security software, it has not provided data breach compensation.

However, it is clear that cybercriminals have access to this data and have already used it to carry our fraud, so more has to be done to hold Ticketmaster and any negligent third-party to account.

If you have been contacted by Ticketmaster and told that your details are at risk, you should make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data breach compensation claim.

As specialist data protection lawyers, we would urge anyone contacted to let us know. If you are a Ticketmaster or Get Me In user and you haven’t received an email make sure that you check your junk mail folder. If you have received an email, get in touch. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply