In April, the hacker group ShinyHunters accessed Ticketmaster’s database. It harvested the full names, addresses, emails, cellphone numbers and bank card information of as many as 560 million customers. The Live Nation-owned company took almost two months to find the breach and four months to inform impacted customers.
Now, Ticketmaster is facing a proposed class action accusing it of failing to adopt adequate security measures to prevent hacks, alert customers that their personal information was compromised and ensure that a cloud computing vendor implemented adequate data security practices. The lawsuit, filed on Friday in California federal court, alleges negligence and seeks unspecified damages of at least $5 million on behalf of hundreds of thousands of customers.
The Ticketmaster hack was the latest in a string of cyberattacks this year targeting media and telecom companies, including Disney, Roku and AT&T. ShinyHunters, the group that claimed responsibility for the breach, demanded a ransom of $500,000 to keep the data from being resold on the dark web.
The lawsuit claims that the hack was a consequence of Ticketmaster neglecting to implement proper data security procedures, including “vendor management necessary to protect” customers’ personally identifiable information amid a rising wave of high-profile breaches.
The hacks, including AT&T’s, were connected to a third-party server hosted by the cloud computing company Snowflake. Customers fault Ticketmaster for failing to ensure that Snowflake, which wasn’t named in the complaint, adhered to reasonable security measures. They call cyberattacks a “known risk” and say that “failing to take steps necessary to secure [user information] from those risks left the data in a dangerous condition.”
Ticketmaster should have required Snowflake to impose heightened measures to protect personal data, cooperate with security audits and notify customers impacted by a hack in a timely manner, according to the complaint.
Customers also fault Ticketmaster for retaining personal information it should have deleted. They claim that one arm of the company’s business involves selling data on customers — including when a customer buys merchandise or a ticket to an event, names, physical addresses, cellphone numbers, emails, IP addresses, information about certain transactions and preferences — to business partners and data brokers.
The lawsuit alleges that consumers are harmed by increased risks of identity theft, fraud and spam. Since 2020, ShinyHunters has stolen over 900 million customer records in hacks of AT&T, GitHub and Pizza Hut, among other companies. With the wide swath of data available to the group, it can create so-called “Fullz” packages, which cross-reference multiple sources of personal data to assemble complete dossiers on individuals, the lawsuit claims. Even without certain information, like a Social Security number, these packages can be used to fraudulently obtain fake driver’s licenses and loans.
And the value of this data is increasing because of new technologies that open up avenues for fraud. Cybercriminals are leveraging stolen information to devise increasingly sophisticated schemes featuring deepfake technology and AI-powered password cracking.
Customers “now face years of constant surveillance of their financial and personal records,” the complaint states. In addition to negligence, customers bring claims for unjust enrichment and breach of implied contract.
Some categories of sensitive personal information can sell for as much as roughly $360 per record, according to the cybersecurity training company InfoSec Institute.
Ticketmaster didn’t immediately respond to a request for comment. The April hack preceded the Justice Department’s filing of an antitrust lawsuit against the company.