In April, the hacker group ShinyHunters breached Ticketmaster's database, extracting the full names, addresses, emails, phone numbers, and credit card details of up to 560 million customers. The Live Nation-owned company took nearly two months to detect the breach and an additional four months to inform affected users.
 |
| Live Nation CEO Michael Rapino Ethan Miller/Formula 1/Getty Images |
Ticketmaster is now facing a proposed class action lawsuit, accusing the company of failing to implement adequate security measures to prevent hacks, notify users of compromised data, and ensure its cloud computing vendor used proper security protocols. The lawsuit, filed in California federal court on Friday, cites negligence and seeks over $5 million in damages for millions of users.
This breach was the latest in a series of cyberattacks this year on media and telecom companies such as Disney, Roku, and AT&T. ShinyHunters, the group responsible for the attack, demanded a $500,000 ransom to avoid reselling the data on the dark web.
The lawsuit claims that Ticketmaster’s failure to adopt sufficient data protection measures, including vendor oversight, led to the breach, putting consumer data at risk amidst a rise in high-profile cyberattacks.
The Ticketmaster and AT&T breaches were linked to a third-party server hosted by cloud computing company Snowflake. Users blame Ticketmaster for not ensuring that Snowflake, though not named in the complaint, adhered to proper security protocols. They argue that cyberattacks are a known risk, and Ticketmaster's failure to secure user data left it vulnerable.
The complaint also faults Ticketmaster for retaining personal data it should have deleted, accusing the company of profiting from the sale of user information—including purchase histories, names, addresses, phone numbers, emails, and transaction preferences—to business partners and data brokers.
According to the lawsuit, consumers are now at higher risk for identity theft, fraud, and spam. ShinyHunters has stolen over 900 million customer records since 2020, including from companies like AT&T, GitHub, and Pizza Hut. With this data, they can create "Fullz" packages, which compile detailed personal dossiers used for fraudulent activities like obtaining fake IDs or loans.
As new technologies emerge, the value of stolen data increases, making it easier for cybercriminals to use deepfakes and AI-powered tools to commit fraud. The lawsuit claims users face years of financial and personal data monitoring. In addition to negligence, users allege unjust enrichment and breach of implied contract.
Certain types of personal data can be sold for up to $360 per record, according to InfoSec Institute, a cybersecurity training firm.
Ticketmaster has yet to comment on the hack, which occurred before the Justice Department filed an antitrust lawsuit against the company.
0 Comments