So this is an interesting case because by all accounts it was Snowflake that got compromised, not Ticketmaster themselves. So this isn’t them messing up but their vendor. I get the argument that you are responsible for your vendors, but at the same time the whole point of buying a SaaS product is precisely to hire domain experts to run a piece of infrastructure that you have less experience with. Security is very hard even for major companies with a stronger culture of it who spend much more resources on it like Apple and Google. It’s not clear that if Ticketmaster would have done a better job.
I think the view I’m most sympathetic too is that customer information should be viewed and reported on as a toxic asset/liability to discourage gathering of personal information in the first place.
I think the view I’m most sympathetic too is that customer information should be viewed and reported on as a toxic asset/liability to discourage gathering of personal information in the first place.