Security News > 2020 > November > Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day

Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day
2020-11-25 11:59

Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register.

Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.

Both his debit and credit cards had been cancelled by his bank, which had spotted an attempt to fraudulently use them on Ticketmaster.

An ICO spokesperson told The Register: "The £1.25m fine issued to Ticketmaster was in relation to infringements of the GDPR which only came into force on 25 May 2018. Whilst the fine therefore could only relate to infringements from 25 May 2018, prior to that date Ticketmaster would still have had to comply with the Data Protection Act 1998.".

Even if Ticketmaster decided not to set up a full bug bounty scheme, a responsible disclosure email inbox checked once a day by an IT bod would be better than nothing, Mercer added.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/25/ticketmaster_gdpr_fine_chicanery/