Ticketmaster fined $1.7 Million for failing to protect customer data

Date: 16th Nov 2020

Attack/Breach Status: Successful 

Severity Impact/Potential: High

Headlines: Ticketmaster fined $1.7 Million for failing to protect customer data

UK-based company Ticketmaster has been fined $1.7 million by the regulator for non-compliance with the EU's General Data Protection Regulation.

Regulators confirmed that the company failed to properly secure chatbot software that it opted to run on its payments page, which attackers subverted, allowing them to steal payment card information. After being alerted to suspected card fraud that traced to its site, Ticketmaster UK allegedly failed to mitigate the problem for nine more weeks.

The fine was announced on Friday by the Information Commissioner’s Office, which enforces GDPR in Britain.

The breach exposed personal details, including names, payment card numbers, expiration dates and CVV numbers, of approximately 9.4 million European Ticketmaster customers.

https://www.databreachtoday.com/ticketmaster-fined-17-million-for-data-security-failures-a-15369

===========================

Recommendations:

Organizations should focus on building a multi-layer defence and risk management strategy to strengthen the security, confidentiality and privacy of customer data at every data point where it is stored or processed. The following should be taken into consideration when building a defensive strategy against similar web-based threats:

  • Assess the effectiveness of security controls at each individual data point where customer information is stored or processed, including the service provider node
  • Deploy a Web Application Firewall that meets all your business risk use cases
  • Include a behaviour- and risk-based challenge mechanism for every transaction attempt
  • Ensure the integrity of your source code, pages and communications is maintained at all times
  • Deploy a page integrity solution for your application to protect against malicious or unauthorized code injection
  • Perform daily checks for infection across all customer-facing pages
  • Regularly review all web transaction logs for malicious behaviour
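
One way to run the page-integrity and daily-check recommendations above, shown as an added example that is not part of the original advisory: the Python code below inventories the external scripts on a payments page and compares them with an approved baseline, flagging unapproved scripts and third-party scripts (such as a chat widget) that lack a Subresource Integrity value or deviate from the pinned one. The URLs, the baseline and the `audit_page` helper are hypothetical and constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Collect every external <script> as (absolute URL, integrity attribute)."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            url = urljoin(self.page_url, attrs["src"])
            self.scripts.append((url, attrs.get("integrity")))


def audit_page(html, page_url, baseline):
    """Compare external scripts with a baseline of {approved URL: pinned SRI or None}."""
    collector = ScriptCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for url, integrity in collector.scripts:
        third_party = urlparse(url).hostname != page_host
        if url not in baseline:
            findings.append(("unapproved-script", url))
        elif third_party and not integrity:
            findings.append(("third-party-without-sri", url))
        elif baseline[url] and integrity != baseline[url]:
            findings.append(("sri-pin-mismatch", url))
    return findings


# Constructed sample: a payments page loading a third-party chat widget.
PAGE_URL = "https://shop.example/pay"
SAMPLE_HTML = """<html><body><form id="pay"></form>
<script src="/static/checkout.js"></script>
<script src="https://chat.vendor.example/widget.js"></script>
<script src="https://cdn.other.example/x.js" integrity="sha384-AAAA"></script>
</body></html>"""
BASELINE = {  # constructed baseline; the SRI value is a placeholder
    "https://shop.example/static/checkout.js": None,
    "https://chat.vendor.example/widget.js": "sha384-PLACEHOLDER",
}
```

Run against the rendered HTML of each customer-facing page on a schedule, any non-empty result from `audit_page` is a change to review before it reaches customers.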
