This week, we saw Ticketmaster sheepishly apologising for a data breach which saw their customer’s personal identifiable data fall into the wrong hands.
Their admirable handling of the aftermath will still no doubt have come at a cost – it not only negatively impacts their reputation, but this debacle puts them under continuous scrutiny and presents the possibility of a fine from the ICO.
The breach itself actually came from a third-party source, Inbentor Technologies, who operate a chatbot on their website. Hackers exploited their code and were able to extract customer payment information from the Ticketmaster website. Both organisations are clearly at fault – but where will the media and customers place their blame? See how the breach is reported below – no mention of Inbentor.
Should we check our suppliers’ integrity?
We’ve spoken a lot about GDPR recently and the subsequent cost and effort organisations bare to ensure they are compliant with the new regulations. We’ve also stressed the importance of ongoing evaluation of data to ensure continuous compliance. Ticketmaster appear to have overlooked how secure and compliant their subcontractors or third parties are, and they are unlikely to be on their own in this. Organisations trust that these service providers are also legitimately handling their own data in accordance with ethical and regulatory standards – to the same level the organisation itself is handling its own data. Clearly, this is not the case. There will be contracts in place, and the likelihood is that Inbentor will be liable for any costs associated with the breach but how do Ticketmaster repair their reputation?
Supply chain audits
Our innovative RiskView software can be used before a contract is signed as a compliance check and can regularly audit them to ensure that your organisation is making safer contractual decisions.
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests
- 12th August 2019Is GDPR now being taken more seriously?
- 5th August 2019The financial impact of Subject Access Requests
- 1st August 2019DDC AS Launches SmartRedact
- 31st July 2019Don’t be blindsided by your organisations handling of data