Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register.
The firm was fined earlier this month after UK data regulator, the Information Commissioner's Office, ruled it had broken data protection laws by failing to properly secure its network.
Yet Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.
When it fined Ticketmaster, the ICO said: "The total duration of the personal data breach was between February 2018 and 23 June 2018… however, the dates under consideration for the purposes of this penalty notice were from 25 May 2018 to 23 June 2018."
Those dates are significant: while the ICO made clear findings that Ticketmaster's infrastructure was compromised in February, its fine only covered the period from May, when higher penalties under the EU's General Data Protection Regulation (GDPR) were available – and now Ticketmaster seemingly wants to use that to avoid admitting liability for its systems becoming compromised in the first place.
In a letter seen by The Register, Ticketmaster's lawyers told Richard:
This came ..