Skip to content

Hacker: ICO UK Fines Ticket Company £1.25 Million For Data Breach

An attacker inserted malicious code into the chatbot on the company’s payment page, potentially compromising the financial data (card numbers and CVV numbers) of 1.5 million UK data subjects; the compromised chatbot was not subjected to sufficient security vetting procedures, the company took four months to notify the ICO about the breach and the chatbot was managed by a third party which made it vulnerable to weaknesses outside the company’s control.

#GDPR #Privacy #DataPrivacy #EmergingRisk