2 Matching Annotations
  1. Apr 2021
    1. It was because of Ticketmaster's business decision to include the chat bot on its payment page that the chat bot was able to unlawfully process the personal data of customers. An attacker directed its attack at the Inbenta servers and inserted malicious code into the JavaScript for the chat bot.

      data controller's business decision lead ultimately to the unlawful processing (infringement)

      lack of diligence: business decision + notifications from card companies and users, no thorough investigation of all notified incidents/suspicions (as above)

      organizational measures in place + 3rd party forensics team, but diligence is lacking

      so, type of breach: third-party from Inbenta OR business decision and lack of diligence of controller?