Ticketmaster UK Limited – €1,405,000 Fine (United Kingdom, 2020)

€1,405,000Information Commissioner's Office13 November 2020United Kingdom
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Ticketmaster UK was fined EUR 1.405 million for not securing customer data properly, leading to a cyber attack. This attack exposed sensitive financial information of millions of customers. The case highlights the importance of robust security measures for online businesses.

What happened

Ticketmaster failed to protect customer data, resulting in a cyber attack that exposed financial information.

Who was affected

European customers whose financial data, including payment card details, were compromised in the attack.

What the authority found

The Information Commissioner's Office found that Ticketmaster did not have adequate security measures in place, violating GDPR's data protection requirements.

Why this matters

This case underscores the need for companies to implement strong security protocols to protect customer data. It serves as a warning to online businesses about the financial and reputational risks of inadequate data protection.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
national law identified
United Kingdom enforcementInformation Commissioner's Office actionsAll Ticketmaster UK Limited actions
Full Legal Summary
Detailed

Ticketmaster UK Limited has been fined GBP 1.25 million (approximately EUR 1.405 million) for failing to protect the personal data of its customers with adequate security measures. Potentially 9.4 million European customers could have been affected by a cyber attack between February 2018 and June 23, 2018 due to the use of an insufficiently secured chat bot hosted by a third party in its online payment site which allowed an attacker to gain access to customers' financial information. According to the Data Protection Agency, personal data such as names, full payment card numbers, Ticketmaster usernames and passwords, expiration dates and Card Verification Value (CVV) numbers were affected. The DPA also found that 60,000 payment cards belonging to Barclays Bank customers were subject to fraud, and several international banks also reported fraudulent activity to Ticketmaster.

Related Enforcement Actions (1)

Other enforcement actions involving Ticketmaster UK Limited in UK

Fine
Nov 2020· Information Commissioner's Office

*Ticketmaster is a company selling tickets online of events around the world. By its activities, which includes collecting, storing and using the pers...

€1.5M
Current
Nov 2020

Fine

€1.4M

Details

Fine Date

13 November 2020

Authority

Information Commissioner's Office

Fine Amount

€1,405,000

Enforcement Tracker ID

ETid-440

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ticketmaster UK Limited - United Kingdom (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: