This week, we saw Ticketmaster sheepishly apologising for a data breach which saw their customer’s personal identifiable data fall into the wrong hands.
Their admirable handling of the aftermath will still no doubt have come at a cost – it not only negatively impacts their reputation, but this debacle puts them under continuous scrutiny and presents the possibility of a fine from the ICO.
The breach itself actually came from a third-party source, Inbentor Technologies, who operate a chatbot on their website. Hackers exploited their code and were able to extract customer payment information from the Ticketmaster website. Both organisations are clearly at fault – but where will the media and customers place their blame? See how the breach is reported below – no mention of Inbentor.
Should we check our suppliers’ integrity?
We’ve spoken a lot about GDPR recently and the subsequent cost and effort organisations bare to ensure they are compliant with the new regulations. We’ve also stressed the importance of ongoing evaluation of data to ensure continuous compliance. Ticketmaster appear to have overlooked how secure and compliant their subcontractors or third parties are, and they are unlikely to be on their own in this. Organisations trust that these service providers are also legitimately handling their own data in accordance with ethical and regulatory standards – to the same level the organisation itself is handling its own data. Clearly, this is not the case. There will be contracts in place, and the likelihood is that Inbentor will be liable for any costs associated with the breach but how do Ticketmaster repair their reputation?
Supply chain audits
Our innovative RiskView software can be used before a contract is signed as a compliance check and can regularly audit them to ensure that your organisation is making safer contractual decisions.
- 15th July 2019Third Party Data Protection
- 10th July 2019Two Fines in Two Days – ICO Plans to Fine Marriot £99m
- 10th July 2019ICO Issues A Record Fine for BA
- 2nd July 2019Do You Have True Visibility of Your Data?
- 18th June 2019Reduce Your Exposure to a Data Breach
- 15th May 2019Organisations Relationship with Cybersecurity and their Workforce – In Scope
- 9th May 2019Subject Access Requests
- 1st May 2019Data Discovery
- 26th April 2019Defence In Depth
- 23rd April 2019IT Systems Impact On Staff Wellbeing