fbpx

PROFILE

MY SUBSCRIPTION

LOGOUT

x

The latest industry news to your inbox.

    

I'd like to hear about marketing opportunities

    

I accept IQ Magazine's Terms and Conditions and Privacy Policy

Ticketmaster UK fined for 2018 data breach

The UK’s Information Commissioner’s Office (ICO) has fined Ticketmaster £1.25 million over a data breach that compromised the payment information of an estimated 9.4m customers in Europe, including 1.5m in the UK.

Concluding its investigation of a 2018 cyberattack which targeted Ticketmaster, TicketWeb and Get Me In! websites through a third-party customer support plug-in, the ICO found that Ticketmaster UK Ltd violated GDPR by failing to put in place “appropriate security measures” to protect its customers’ data.

ICO investigators found that, as a direct result of the Ticketmaster breach, 60,000 payment cards belonging to Barclays Bank customers had been subjected to known fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

James Dipple-Johnstone, ICO deputy commissioner, says Ticketmaster failed to assess the risks of including the third-party product, a chatbot developed by Inbenta Technologies, on its payment page, as well implement appropriate security measures to negate those risks.

“Looking after their customers’ personal details safely should be at the top of organisations’ agenda”

The company also failed to identify the source of the fraudulent activity in a timely manner, having taken nine weeks from first being alerted to possible fraud (in February 2018) to finally monitoring the network traffic through its online payment page, according to the ICO.

“When customers handed over their personal details, they expected Ticketmaster to look after them,” says Dipple-Johnstone (pictured). “But they did not. Ticketmaster should have done more to reduce the risk of a cyberattack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.

“The £1.25 million fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda.”

The Ibenta bot was removed from Ticketmaster’s websites in June 2018.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Hackers target livestreamed IPO fundraiser

The disruption of an Israel Philharmonic Orchestra (IPO) virtual concert and fundraising gala last weekend was caused by a cyberattack, the orchestra has confirmed.

The attack – the first outage of a major livestreamed show since the format took off amid the coronavirus pandemic – crashed the websites of the IPO and its broadcast partner, Medici.tv, during the stream on Sunday 28 June.

More than 13,000 people had registered to view the hour-long event, hosted by Dame Helen Mirren, which aimed to help the orchestra overcome financial losses as a result of Covid-19.

No group has claimed responsibility for hacking the stream.

“Hackers were determined to silence our message and stamp out our voice, but they will not succeed”

“We were thrilled that so many had registered to join us for this event, giving us the opportunity to bring the healing power of music to people who need it at this difficult time,” comments Tali Gottlieb, executive director of the IPO Foundation.

“Our organisation had high hopes that this event would help us raise emergency funds to support the members of the Israel Philharmonic in the face of an unprecedented financial crisis.”

Danielle Ames Spivak, executive director of American Friends of the Israel Philharmonic Orchestra, which helped organise the event, adds: “Hackers were determined to silence our message and stamp out our voice, but they will not succeed. More than ever, we are determined to spread the Israel Philharmonic’s message of hope, peace, and beauty around the world.”

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Man jailed for Hellfest cyberattack

A computer scientist has been sentenced to a month in prison for hacking into the onsale for French metal festival Hellfest.

On 9 October, the man took the festival’s ticketing servers offline by sending 46,000 simultaneous connections to its Weezevent-powered box office, a court in Bobigny, Paris, heard. The man works in cybersecurity and is part of a group of hackers, but had no previous criminal convictions, according to 20 Minutes.

Found guilty of “fraudulent [activities] in an automated data-processing system”, the man was fined, in addition to the one-month jail term. The prosecution had pushed for a three-month suspended sentence.

The hacker told he wanted to buy tickets for Hellfest 2020 without “having to queue”

While the hacker reportedly told police that he wanted to buy tickets for Hellfest 2020 without “having to queue”, festival director Ben Berbaud tells Ouest-France the man did not buy a single pass. (During the half-hour cyberattack, all other buyers were presented with an error page.)

Even with the downtime, the festival sold out all 55,000 three-day passes in an hour and a half.

Hellfest 2020, the 15th edition of the event, takes place 19–31 June 2020. Hellfest 2019 performers included Kiss, Tool, Manowar, Def Leppard, Lynyrd Skynyrd, Whitesnake and Slayer.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.