This company has allowed customers to be exposed to criminal fraud. This is the way these "data breaches" should be framed. Ticketmaster should be criminally liable for punitive damages that will make them take security seriously.
> In a joint statement with Mandiant and CrowdStrike, Snowflake stated there is no evidence suggesting that compromised credentials of Snowflake personnel caused the unauthorized activity. Instead, they attribute the breach (which has also affected companies like Pure Storage, Advance Auto Parts, and Ticketek) to Snowflake customers’ fault, who failed to implement proper authorization protections on their accounts.
It will be interesting to see how that plays out. The companies will blame each other.
If this was Europe, then blame starts and stays with the data controller, Ticketmaster.
It can (and might) spread to the data processors that Ticketmaster has willfully chosen, but that wouldn't clear responsibility for the data controller, who remains accountable.
