4 Matching Annotations
- Apr 2021
It was because of Ticketmaster's business decision to include the chat bot on its payment page that the chat bot was able to unlawfully process the personal data of customers. An attacker directed its attack at the Inbenta servers and inserted malicious code into the JavaScript for the chat bot.
data controller's business decision lead ultimately to the unlawful processing (infringement)
lack of diligence: business decision + notifications from card companies and users, no thorough investigation of all notified incidents/suspicions (as above)
organizational measures in place + 3rd party forensics team, but diligence is lacking
so, type of breach: third-party from Inbenta OR business decision and lack of diligence of controller?
gdprhub.eu gdprhub.eu
unauthorized access by third parties
gdprhub.eu gdprhub.eu
allowing access to the claimant to the personal data of a third person when accessing their account
showing the data of another client