Ticketmaster is facing a lawsuit seeking class-action status over a massive data breach that exposed sensitive information from hundreds of millions of customers earlier this year.
Filed Friday in federal court in California, the lawsuit alleges the ticketing giant and its parent company Live Nation Entertainment failed to implement “adequate and reasonable” data protection procedures, ensure its third-party vendors followed best security practices to detect unauthorized intrusions and provide customers prompt notice of the breach, among other claims.
It’s one of several filed in recent months against the two companies, both related to the breach and unrelated.
Ticketmaster, along with the attorney representing the plaintiff, did not immediately respond to a request for comment.
This summer, a hacking group obtained the names, email addresses, phone numbers and some encrypted credit card information of customers through Snowflake, a third-party cloud database containing Ticketmaster data. The user data was offered for sale on the dark web, Live Nation reported in a regulatory filing in late May.
Ticketmaster later sent notices to its customers. The company confirmed the unauthorized activity occurred between April 2 and May 18.
It is unclear how many Georgia-based customers were affected by the breach. Live Nation is the dominant entity in Atlanta’s live events industry — by a wide margin. It maintains long-term leases at the Chastain Park, Lakewood and Ameris Bank amphitheaters, owns and manages the Tabernacle in downtown and operates the Buckhead Theatre and the Coca-Cola Roxy at The Battery. Several of Atlanta’s largest venues use Ticketmaster as its primary ticket outlet, such as State Farm Arena and Mercedes-Benz Stadium.
Credit: Ryan Fleisher
Credit: Ryan Fleisher
Plaintiff Daniel Pomeroy is a customer whose data was compromised in the breach, according to the lawsuit. He and other similarly situated customers face risks of future identity theft, fraud, phishing and spam, the suit says. The data thieves can commit a variety of crimes using customers’ data, including opening new financial accounts, filing fraudulent tax returns or taking out loans, according to the lawsuit.
The customers may also incur costs for credit monitoring services, credit freezes and other measures to detect identity theft, along with products to protect themselves from spam emails, calls or text messages, according to the lawsuit. Ticketmaster offered customers 12 months of free identity monitoring service.
The lawsuit seeks damages of an unspecified amount, alongside attorneys’ fees and other relief.
Ticketmaster is one of several major companies that reported third-party data breaches this year. In July, AT&T announced that hackers obtained data on the calls and text messages of essentially all its customers over a period of at least five months. Customers of several banks, including Santander, Truist and Ally, also had personal information compromised through third-party databases. So did customers of Neiman Marcus, Advance Auto Parts and LendingTree.
As the world has become increasingly digitized, the collection of personal data out there for hackers to steal has grown. Each person leaves a digital footprint as they use devices to communicate, track their fitness, listen to music or upload a document to the cloud. Personal information is valuable to hackers, and data including names and phone numbers have been sold at prices ranging from $40 to $200 per record, according to the Ticketmaster complaint.
All of the data collected by companies has to go somewhere. Companies often do not have the resources to build and maintain their own internal systems to warehouse data, so they will outsource the task to third parties.
