A key justification for the fine (see the report eg. sections 6.3 through 6.7) is that "there were multiple failures by Ticketmaster to put in place appropriate technical or organisational measures to protect the personal data being processed on Ticketmaster's systems, as required by the GDPR."

Process data without taking appropriate steps to protect that data and you face being fined under the GDPR.