Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, what steps the Government is taking to help ensure that (a) the recent data breach of Ticketmaster and (b) other data breaches do not reoccur; and if he will make a statement.

The Government takes both the protection of personal data and the right to privacy extremely seriously. The Data Protection Act 2018 makes our data protection laws fit for the digital age in which an ever increasing amount of data is being processed and empowers people to take control of their data.

The National Cyber Security Centre (NCSC) issued a statement on the Ticketmaster breach on 27th June and guidance for customers was issued on its website on the 28th June. The National Crime Agency and NCSC continue to investigate this incident as a priority, including working with all parties to ascertain the full scale of the incident and to provide ongoing remediation advice. As part of this and broader mitigation advice, the NCSC and Information Commissioner’s Office have issued a set of General Data Protection Regulation Security Outcomes in order to ensure the appropriate security of personal data.

The NCSC supports the most critical organisations in the UK, the wider public sector, industry and SMEs. This include the provision of freely available guidance on its website which, if followed, enables institutions and companies to put measures in place to help protect themselves from cyber attacks. When incidents do occur, the NCSC provides effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future.