Data Leakage: Investing In Third Party Data Security Integrity Checks

3rd July 2018

This week, we saw Ticketmaster sheepishly apologising for a data breach which saw their customer’s personal identifiable data fall into the wrong hands.

Their admirable handling of the aftermath will still no doubt have come at a cost – it not only negatively impacts their reputation, but this debacle puts them under continuous scrutiny and presents the possibility of a fine from the ICO.

The breach itself actually came from a third-party source, Inbentor Technologies, who operate a chatbot on their website. Hackers exploited their code and were able to extract customer payment information from the Ticketmaster website. Both organisations are clearly at fault – but where will the media and customers place their blame?  See how the breach is reported below – no mention of Inbentor.

Should we check our suppliers’ integrity?

We’ve spoken a lot about GDPR recently and the subsequent cost and effort organisations bare to ensure they are compliant with the new regulations. We’ve also stressed the importance of ongoing evaluation of data to ensure continuous compliance. Ticketmaster appear to have overlooked how secure and compliant their subcontractors or third parties are, and they are unlikely to be on their own in this. Organisations trust that these service providers are also legitimately handling their own data in accordance with ethical and regulatory standards – to the same level the organisation itself is handling its own data. Clearly, this is not the case. There will be contracts in place, and the likelihood is that Inbentor will be liable for any costs associated with the breach but how do Ticketmaster repair their reputation?

Supply chain audits

Our innovative RiskView software can be used before a contract is signed as a compliance check and can regularly audit them to ensure that your organisation is making safer contractual decisions.

View More Articles