Ticketmaster’s data breach affecting up to 40,000 people is likely to be the first litmus test of GDPR enforcement in the UK, data protection lawyers agree.
The ticket-selling platform reported a breach last week, when it discovered a malware attack on third-party vendor Inbenta’s chatbot had enabled hackers to steal names, addresses, email addresses, telephone numbers, payment card details and Ticketmaster login details.
Affecting customers buying tickets between September 2017 and 23 June 2018, the breach spans two different data protection acts: the Data Protection Act (DPA) 1998, and the Data Protection Act (DPA) 2018 – the latter being the UK’s version of the EU’s General Data Protection Regulation (GDPR).
This is relevant to all businesses because of the dramatically different level of fines the UK regulator can impose. The 1998 act carries a maximum fine of £500,000 – while the 2018 act means the regulator could demand up to £17 million, or 4% of an organisation’s annual turnover, whichever is higher.
Source: Joe Curtis | IT PRO