Last week, Ticketmaster sheepishly apologised for a data breach which saw their customer’s personal identifiable data fall into the wrong hands. Their admirable handling of the aftermath will still no doubt have come at a cost – it not only negatively impacts their reputation, but this debacle puts them under continuous scrutiny and presents the possibility of a fine from the ICO.
The breach itself actually came from a third-party source, Inbentor Technologies, who operate a chatbot on their website. Hackers exploited their code and were able to extract customer payment information from the Ticketmaster website. Both organisations are clearly at fault – but where will the media and customers place their blame? See how the breach is reported below – no mention of Inbentor.
Should we check our suppliers’ integrity?
We’ve spoken a lot about GDPR recently and the subsequent cost and effort organisations bare to ensure they are compliant with the new regulations. We’ve also stressed the importance of ongoing evaluation of data to ensure continuous compliance. Ticketmaster appear to have overlooked how secure and compliant their subcontractors or third parties are, and they are unlikely to be on their own in this. Organisations trust that these service providers are also legitimately handling their own data in accordance with ethical and regulatory standards – to the same level the organisation itself is handling its own data. Clearly, this is not the case. There will be contracts in place, and the likelihood is that Inbentor will be liable for any costs associated with the breach but how do Ticketmaster repair their reputation?
Let DDC AS check your third-party integrity
Our innovative RiskView software can be used before a contract is signed as a compliance check and can regularly audit them to ensure that your organisation is making safer contractual decisions.Back
23 April 2019
IT Systems Impact on Staff Wellbeing
10 April 2019
Are your employees adhering to your security policies?
03 April 2019
The Morrison’s Data Breach – Revisited
20 March 2019
Beating the Recruitment Process?
18 March 2019
Data and Brexit: An Uncertain Future?
26 February 2019
Managing Behaviour Through Technology in the Workplace