Ticketmaster has admitted a huge security breach just a month after the new data regulations came into force.
The company said up to 40,000 UK customers and their data may have been compromised between February and 23 June 2018.
“Some personal or payment information may have been accessed by an unknown third party”, it revealed this week.
According to the Guardian, a number of Ticketmaster customers have already had fraudulent transactions debited from their accounts.
The breach comes shortly after the introduction of the General Data Protection Regulation (GDPR). Under the new rules, organisations responsible for customer data must ensure that personal data is kept secure and is not misused.
The penalties for failing to meet these duties are significant. Maximum fines can stretch up to four per cent of global turnover or €20 million, whichever is higher.
Affected Ticketmaster customers have been notified to reset their password, the company said.
“We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank and any credit card companies.”
It added: “Forensic teams and security experts are working around the clock to understand how the data was compromised. We are working with the Information Commissioner’s Office, as well as credit card companies, banks and relevant authorities.
“If you have not received an email, we do not believe you have been affected by this security incident based on our investigations.”