Ticketmaster suffered a global breach and its Australian users are being warned to change their passwords for the site and also keep an eye out for strange transactions.
The New Daily has an article on the issue:
“Ticketmaster Australia could not guarantee to The New Daily that Australian customers’ data is safe.”
Now that’s a worry! It indicates that they have low to no confidence in their security systems.
In instances such as this, what protections does Australian law provide? Do our laws need to be updated?
Is a customer of a ‘Hacked’ service automatically protected?
And is the provider as a consequence of the provider’s failure then legally liable for all and any losses to a customer?
Should there also be a responsibility on the service provider, at the very first instance of being aware of such a breach, to lock the database by removing remote access indefinitely?
It is a poor response of a provider to transfer the problem to the customer by asking customers to change their passwords. There will always be a time lag between the breach being identified and any customer being able to respond!
Does the problem belong firstly to the service provider, in this instance “Ticketmaster”?
If locking the database destroys their business model - so be it. Perhaps then businesses that rely on having a secure customer database will actually care about their customers.
There are risks of both financial loss and personal identity theft every time similar hacks occur. There is also legally a claim possible for “pain and suffering” for the stress and inconvenience. No business including “Ticketmaster” should be allowed to put itself in a position where its business needs are precedent to personal outcomes?
I’d rather see my current details shredded and start again - with an improved authentication than simply accept I can go on as in the past with a changed password. It is too easy to reset passwords for many sites.
My observations are intended to be general and not specific to “Ticketmaster”.
To “Ticketmaster’s” credit they have indicated steps they have taken in respect of those customers who it believes are at risk, however the breach is more than a week old! There is an offer by “Ticketmaster” to those affected of 12 months free identity theft monitoring by a third party. This response serves to illustrate the seriousness of the original breach.
Who should bear the cost of a hack is a complex question. It all hinges around whether there was a reasonable attempt at security.
In the foreseeable future it won’t be possible to completely secure an IT system. Even the supposedly most secure systems have been hacked. To prevent incursion, systems need to be relentlessly “hardened” and tested. This iterative process requires huge resources which only well-funded organisations can afford.
If it can be shown that the business did not take all reasonable steps to secure their systems, then I agree that they should be held accountable and compensate those affected.
So in this case, if it can be shown they didn’t take due care to harden their systems, then Ticketmaster should bear the cost of the hack, but I don’t think that locking customers out is the answer as this may disadvantage the customers.
There will be cases, where businesses have taken all reasonable steps and are still hacked. For example, a small business will not have the resources to install more than rudimentary security which knowledgeable hackers can bypass. In those situations, they have taken all reasonable steps that can be expected for their resources, and I don’t think that they should be held liable for compensation.
I tried to log in and remove my cr details but password didn’t work. They issued me a temp one and notified me that all of my credit card/delivery will be removed and I will have to re-enter them at the time of purchase.
In the meantime PageUp count is going up 20 and numerous double ups. …yet some companies are still using them.