Ticketmaster fined $1.7 Million for failing to protect customer data

November 16, 2020 Video Bytes Leave a comment 254 Views

Date: 16^th Nov 2020

Attack/Breach Status: Successful

Severity Impact/Potential: High

Headlines: Ticketmaster fined $1.7 Million for failing to protect customer data

UK based company Ticketmaster has been fined $1.7 million by the Regulator for non-compliance of EU’s General Data Protection Regulation.

Regulators confirmed that the company failed to properly secure chatbot software that it opted to run on their payments page, which attackers subverted, allowing them to steal payment card information. After being alerted to suspected card fraud that traced to its site, Ticketmaster UK allegedly failed to mitigate the problem for nine more weeks.

The fine was announced on Friday by the Information Commissioner’s Office, which enforces GDPR in Britain.

This breach has exposed personal details, including names, payment card numbers, expiration dates and CVV numbers of approximately 9.4 million European Ticketmaster customers.

https://www.databreachtoday.com/ticketmaster-fined-17-million-for-data-security-failures-a-15369

===========================

Recommendations:

Organization should focus on Building a multi-layer defence and risk management strategy to strengthen the security, confidentiality and privacy of customer data across all data point where it is stored or processed. Following should be taken into consideration for building a good defensive strategy for similar web-based threats:

Assess effectiveness of security control at each individual data point where customer information is stored or processed including Service Provider node
Deploy a good Web Application Firewall which meets all your use cases of business risk
Include behaviour and risk-based challenge mechanism for any attempt of transaction
Ensure Integrity of your source codes, pages and communications are maintained all the time
Deploy Page Integrity solution for your Application to protect malicious or unauthorized code injections
Perform daily checks for infection across all customer facing pages
Regularly review all web transaction logs for any malicious behaviour

WhitehatGuru

Ticketmaster fined $1.7 Million for failing to protect customer data

Related Articles

Check Also

Security breach at FireEye – even the best and biggest organizations can be victim

Leave a Reply Cancel reply

Thwarting XSS!

Online Safety: Things to Do & Things to Avoid

Understanding IP datagram – the easy way

Learn to Love your Log files

Cracking wireless Network WEP protection

Hiring for Computer Engineers McKinsey’s way

SpyShredder : Manual Removal Instruction

Orkut has banned you fool! The administrators didn’t write this program guess who did?

Microsoft Updates:Fix Nine Security Holes

Manually Removing MyDoom/W32/W32.Novarg.A-mm

Test your Antivirus with EICAR file

Orkut has banned you fool! The administrators didn’t write this program guess who did?

EDI:lass {EDI: Integration as a Service}

DuPage Medical group was victim of Cyber-attack in mid-July, potentially compromised patients’ information

Misconfiguration of Amazon AWS Web Services leaves half a million customers exposed

Facebook, WhatsApp, Instagram apps were down for nearly 6 hours

2 Big eye care providers hit by hackers resulting in Data breach

Man sentenced for 12 years in AT&T ‘Unlocking’ Scheme

Hackers access personal data of 79,400 customers of local mobile operator and internet service provider in Singapore

WhatsApp has been fined with a penalty of 225 million Euros for violating European Union Data protection law