Ticketmaster UK Limited – €1,462,500 Fine (United Kingdom, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Ticketmaster UK faced a EUR 1.462 million fine for not securing customer data, leading to a data breach. The breach affected millions of customers' financial information. This emphasizes the critical need for businesses to ensure strong data protection measures.
What happened
Ticketmaster did not secure customer data adequately, resulting in a data breach that exposed financial information.
Who was affected
Customers whose financial data, including payment card details, were exposed during the breach.
What the authority found
The Information Commissioner's Office determined that Ticketmaster failed to implement necessary security measures, breaching GDPR requirements.
Why this matters
This case highlights the serious consequences of inadequate data security for businesses. It stresses the importance of proactive measures to prevent data breaches and protect customer information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
*Ticketmaster is a company selling tickets online of events around the world. By its activities, which includes collecting, storing and using the personal data of its individual consumers, for the purpose of online selling, the company is a controller in respect of personal data of its customers, within the meaning of the Article 4(2; 7) GDPR. Ticketmaster was using chat-bot system on its payment page. *The costumer companies of Ticketmaster started reporting fraudulent transactions in February 2018. The Commonwealth Bank of Australia, Monzo Bank, Barclaycard, Mastercard and American Express all reported suggestions of fraud to Ticketmaster. But the company failed to identify the problem and in total, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page. *9.4 million EEA data subjects were notified as having been potentially affected by the Personal Data Breach, of whom 1.5 million data subjects originated in the United Kingdom. *Ticketmaster has received approximately 997 complaints alleging financial loss and/or emotional distress. *Ticketmaster notified the Commissioner of the Attack on 23 June 2018 by an email *In response, the Commissioner commenced an investigation into the incident. That investigation included various exchanges with Ticketmaster and considering detailed submissions and evidence. The ICO has to determine if the company took all appropriate security measures to protect data while processing and to identify and prevent a cyber-attack on a chat-bot installed on its online payment page. The Commissioner held that in respect of the Incident, Ticketmaster had failed to comply with its obligations under Article 5(1)(f) and Article 32 of GDPR. #Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process personal data in a manner that ensures appropriate security of the data, including protection against unauthorised or unlaw
Related Enforcement Actions (1)
Other enforcement actions involving Ticketmaster UK Limited in UK
Details
Fine Date
13 November 2020
Authority
Information Commissioner's Office
Fine Amount
€1,462,500
1,250,000 GBP
GDPRhub ID
gdprhub-2880About this data
Cite as: Cookie Fines. Ticketmaster UK Limited - United Kingdom (2020). Retrieved from cookiefines.eu
Last updated: