Last week, Ticketmaster sheepishly apologised for a data breach which saw their customer’s personal identifiable data fall into the wrong hands. Their admirable handling of the aftermath will still no doubt have come at a cost – it not only negatively impacts their reputation, but this debacle puts them under continuous scrutiny and presents the possibility of a fine from the ICO.
The breach itself actually came from a third-party source, Inbentor Technologies, who operate a chatbot on their website. Hackers exploited their code and were able to extract customer payment information from the Ticketmaster website. Both organisations are clearly at fault – but where will the media and customers place their blame? See how the breach is reported below – no mention of Inbentor.
Should we check our suppliers’ integrity?
We’ve spoken a lot about GDPR recently and the subsequent cost and effort organisations bare to ensure they are compliant with the new regulations. We’ve also stressed the importance of ongoing evaluation of data to ensure continuous compliance. Ticketmaster appear to have overlooked how secure and compliant their subcontractors or third parties are, and they are unlikely to be on their own in this. Organisations trust that these service providers are also legitimately handling their own data in accordance with ethical and regulatory standards – to the same level the organisation itself is handling its own data. Clearly, this is not the case. There will be contracts in place, and the likelihood is that Inbentor will be liable for any costs associated with the breach but how do Ticketmaster repair their reputation?
Let DDC AS check your third-party integrity
Our innovative RiskView software can be used before a contract is signed as a compliance check and can regularly audit them to ensure that your organisation is making safer contractual decisions.Back
14 February 2019
Phishing Scams – An Evolving Threat
11 February 2019
Phishing Indicators - An Infographic
28 January 2019
Transparency and Consent
13 December 2018
`Tis the Season for... GDPR? Pt.2
10 December 2018
Marriott - A Data Breach
03 December 2018
Tis` the Season for...GDPR? Pt.1