Is there a Ticketmaster GDPR fine on the horizon?

sign-up for a Virgin Media data breach

A key question right now is whether there is a Ticketmaster GDPR fine on the horizon. With the Ticketmaster data breach being the big data news recently, what punishments are they set to face?

We’ve already taken cases on for victims of the Ticketmaster data breach, and although any fine or penalty issued by the UK’s data watchdog, the Information Commissioner’s Office (ICO), is independent of the legal action we’re taking, we’re closely monitoring the ICO developments.

Given the dates that the data was exposed, they could be set for a GDPR fine, and we think this would be justified.

Ticketmaster GDPR fine would be justified

A Ticketmaster GDPR fine would be justified in our view, for a number of reasons.

Firstly, the data exposed in the breach was vulnerable for far too long: between February 2018 and June 2018. This is way too long for any leading organisation in their in industry to have failed to identify a problem.

During this period of time, victims’ data was being copied from some altered JavaScript at the ticket purchasing point and was going right into the hands of the cyber-hackers. How the Ticketmaster data breach happened in the first place is, in itself, another reason to justify a GDPR fine.

An additional reason is the warnings that they failed to act on. According to the bank Monzo, they identified a worrying trend in 50 customers who had reported fraudulent transactions to them. Having investigated the trends, Monzo found that 70% of those people affected had used Ticketmaster in the previous few months.

This information was relayed to Ticketmaster in April, who apparently conducted an internal investigation yet found no evidence of a breach.

This is an inescapable trend, and these key reasons justify a Ticketmaster GDPR fine.

Will a Ticketmaster GDPR fine have an impact on legal action for compensation?

Legal action for compensation and any Ticketmaster GDPR fine are separate matters, but the choice the ICO has over whether to issue a fine that can amount to £17m may depend on how serious they think the case is.

We think this is a serious data breach case, particularly because of the failures to act when there were, in our view, clear opportunities.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.