The U.K. Information Commissioner’s Office (ICO) on Friday fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach that exposed the personal information of 9.4 million customers across Europe.
The fine comes under the EU’s General Data Protection Regulation (GDPR), which took effect on May 25, 2018. Though the Ticketmaster breach occurred months before, in February, it wasn’t shut down until June 23, 2018. The penalty only relates to the period from the start of the GDPR through the end of the breach.
