Today’s topic: Ticketmaster data breach.
According to The Guardian, a hacker group claimed that personal data of about 560 million customers was exposed in a data breach that occurred at Ticketmaster, a subsidiary of Live Nation.
Moreover, the breach has several concerning factors, including the vast number of people whose data had been compromised and the manner in which it was carried out.
The hackers, as TechCrunch mentioned, accessed a cloud database which was, in their words, a Snowflake instance that a third party managed. Furthermore, they used credentials that they got via infostealer malware to gain access.
In this article, we will talk about the following things:
- What is the Ticketmaster data breach lawsuit?
- The timeline of the data breach.
- Discovery, investigation, and the response of the company.
- The regulatory implications of the data breach lawsuit.
- Ticketmaster data breach compensation for consumers.
So, if these are things that you want to know about, keep on reading this blog till the end…
What Is Ticketmaster?

Ticketmaster is a worldwide top-ranking company that deals with the selling of tickets to live events. In most cases, it functions as a channel for event organizers to sell tickets directly to the end-users.
These include:
- Venues.
- Artists.
- Sports teams.
- Promoters.
Ticketmaster is one of the companies that is owned by the live entertainment conglomerate Live Nation Entertainment.
What Is The Ticketmaster Data Breach Lawsuit?
So, in late June 2024, Ticketmaster announced publicly that there had been a data breach at Ticketmaster. This data breach involves the leak of information for some 560 million users.
In a filing with the SEC, they revealed that an unauthorized party was attempting to sell the user data on the dark web. In their official statement, they mentioned:
“We discovered unauthorized activity on an isolated cloud database hosted by a third-party data services provider.
Your Ticketmaster account remains secure. Customers can continue to conduct business with Ticketmaster as normal and without issue.
Our comprehensive investigation – alongside leading cybersecurity experts and relevant authorities – has shown that there has been no more unauthorized activity.”
A hacking group named ShinyHunters hacked the data. Additionally, they announced the breach before Ticketmaster released the news on May 28.
Basically, ShinyHunters is a cyber group. They claim to have hacked major corporations such as Microsoft and AT&T in the past. The hackers wanted $500,000 for 1.3TB of Ticketmaster customer information that included:
- Addresses.
- Phone numbers.
- Credit card details.
Live Nation Entertainment, the parent company of Ticketmaster, said the data breach resulted from unauthorized access to a third-party cloud storage platform. They didn’t indicate the platform, but people think it might be Snowflake, the AI cloud database platform.
Why is The Ticketmaster Data Breach Incident Important?
The first key reason this is such a big deal is from the customer perspective. It appears that the leaked data includes:
- Real names.
- Addresses.
- Phone numbers.
- Credit card info.
So, this clearly means that the data can be used for:
- Identity theft.
- Phishing scams.
- Traditional fraud.
The second point is that the ticketing industry now realizes that this is the time to shore up their defenses to ensure the protection of customer data in a way that is foolproof, especially when cloud services or external help are involved.
Third, regarding data security, they should have taken measures to prevent situations like this. This would have helped them pinpoint the perils of having poor security, such as using one password for verification and, at the same time, not watching contractors closely.
Finally, it raises the question of legal responsibility. For example, who pays the price if a cloud partner or a contractor causes a data breach? How prepared are the companies in the live event sector to respond to such a situation?
Ticketmaster Data Breach Timeline & Events
Below, you will find an overview of the Ticketmaster Data Breach that explains the sequence of events, the facts that have been confirmed publicly, the disclosure of the breach, and the reports of the investigation.
| Date | Event |
| --- | --- |
| April 2 – May 18, 2024 | Hackers used stolen credentials to gain unauthorized access to a Snowflake-hosted cloud database environment. |
| May 20, 2024 | Live Nation detected and reported “unauthorized activity” in the third-party cloud database environment. |
| May 27, 2024 | The threat actor uploaded the 1.3TB stolen database to a dark web forum and offered it for sale for $500,000. |
| May 28, 2024 | ShinyHunters copied the post to their Telegram channel and forums to announce the leak and attract more people. |
| May 31, 2024 | Live Nation confirmed the data breach publicly through an SEC filing and started cooperating with the police. |
| June 2024 | Security firms’ investigations revealed that the Ticketmaster breach is the initial stage of a campaign targeting Snowflake customers. |
| Late June – July 2024 | The Ticketmaster team started sending out emails and letters informing affected customers about the incident. |
| July 2024 | One more threat actor had been leaking increasingly detailed data, including millions of event barcodes for popular artists. |
Initial Breach & How It Occurred
According to ClassAction.Org, “Live Nation says that it first identified suspicious activity on May 20 and discovered on May 27 that a criminal threat actor appeared to be offering Ticketmaster user data for sale on the dark web.”
Subsequently, the database hosting the Ticketmaster data was identified by the company (via TechCrunch) as being on Snowflake, a cloud data analytics provider.
In an attempt to explain how the incident occurred, the hacker claims (via WIRED) that they accessed the environment by compromising a contractor (allegedly EPAM Systems) whose employee’s machine had Snowflake credentials, which were saved in a project-management tool (Jira).
The attackers employed infostealer malware to obtain credentials from the contractor and also drew on old repositories of already compromised credentials. Many of the Snowflake accounts seemingly did not have multi-factor authentication (MFA) enabled.
Discovery, Public Acknowledgment & Data Sale Claim
Ticketmaster had already internally considered the possibility of a data leak or breach as of May 23, 2024, based on user reports and staff communication.
It was May 27, 2024, when a threat actor (the hacking group ShinyHunters is the most likely) claimed to have a file containing Ticketmaster user data. Additionally, they were offering it for sale on a dark-web marketplace.
Near the end of May 2024, Live Nation publicly confirmed the Ticketmaster Data Breach. They issued a formal filing that detailed the incident of unauthorized activity and their cooperation with law enforcement and forensic investigators.
Ongoing Investigation & Responses
According to The Guardian, Live Nation says it brought in “industry-leading forensic investigators” as part of the investigation that it launched to comprehend the extent of the incident.
Snowflake, on the other hand, asserted that it did not find any “vulnerability, misconfiguration, or malicious activity within the Snowflake product” and hence, there was no platform-level breach. Nevertheless, they acknowledged that some accounts that were part of the leak were not protected by MFA.
WIRED reported that security firms (e.g., Mandiant) were engaged to investigate in more detail how the hackers obtained the credentials and to evaluate whether the contractor’s systems had broader exposure.
It was reported that regulatory authorities and users were informed, and that Live Nation stated they were “working to mitigate the risk to our users”.
What Data Was Exposed In The Ticketmaster Data Breach & Who Is Impacted?

According to the hackers’ claims, this Ticketmaster Data Breach affected around 560 million Ticketmaster customers. That number, if accurate, spans a broad global footprint, given Ticketmaster’s international reach.
According to the information that they provided to the customers on their official website, the “database contained limited personal information of some customers who bought tickets to events in North America (U.S., Canada and/or Mexico).”
Additionally, in their Notice of Data Breach, they mentioned that the “personal information that may have been obtained by the third party may have included your name, basic contact information.”
Here’s clear information regarding the data that was subject to the breach:
- Personally Identifiable Information (PII)
- Payment information
- Ticket/order information
What Was The Reason For The Ticketmaster Data Breach?
According to WIRED, the hackers allegedly compromised a contractor (EPAM Systems) first, and then as a result of that, they targeted Ticketmaster and Snowflake indirectly.
Ars Technica states that the contractor employee’s machine was found to have plaintext Snowflake credentials in Jira, and the attackers, once they got hold of these, used them to gain further access.
“About 165 customer accounts were potentially affected in the recent hacking campaign targeting Snowflake’s customers, but only a few of these have been identified so far,” according to WIRED.
Because contractors are typically allowed access to the environments of several clients, the compromise of one contractor’s device gave the attackers a “single point” from which they could branch out and access many customers’ data.
Cloud Database Vulnerabilities & Process Failures
The data was stored on Snowflake, a platform for cloud-based data storage and analytics.
Snowflake explains that the compromised accounts were “single-factor authentication” only, which means MFA was not enabled on them. This made it easier for the hackers to carry out the breach.
On the hackers’ side, it is reported that they used infostealer malware, which scraped credentials from contractors’ machines.
Additionally, there are cases where the attackers already had, and therefore used, previously compromised credentials from older breaches.
WIRED reported that about 80% of the affected accounts were those in which the attackers made use of the stolen credentials from the infostealer repositories.
Could Ticketmaster And Live Nation Have Prevented The Breach?
Data security experts and legal advocates note that the company could have done several things to prevent the leak or data breach. Some of them are as follows:
- Multi-factor authentication (MFA).
- Better credential hygiene.
- Endpoint security.
- Better monitoring and anomaly detection.
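Two of the measures listed above, MFA coverage and login monitoring, can be checked against authentication logs. The following is an added example, not code from Ticketmaster, Snowflake or the original article: it audits constructed login events (field names, users and addresses are assumptions) for password-only accounts and flags password-only logins from an address the user never used during a baseline window.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data); field names are assumptions of this example.
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "user": "etl_svc", "ip": "192.0.2.10", "first": "PASSWORD", "second": None, "ok": True},
    {"ts": "2024-03-02T09:00:00", "user": "alice", "ip": "192.0.2.20", "first": "PASSWORD", "second": "MFA_TOKEN", "ok": True},
    {"ts": "2024-03-15T09:00:00", "user": "etl_svc", "ip": "192.0.2.10", "first": "PASSWORD", "second": None, "ok": True},
    {"ts": "2024-04-02T03:12:00", "user": "etl_svc", "ip": "203.0.113.77", "first": "PASSWORD", "second": None, "ok": True},
    {"ts": "2024-04-02T03:15:00", "user": "alice", "ip": "203.0.113.77", "first": "PASSWORD", "second": None, "ok": False},
    {"ts": "2024-04-03T10:00:00", "user": "alice", "ip": "198.51.100.5", "first": "PASSWORD", "second": "MFA_TOKEN", "ok": True},
    {"ts": "2024-04-04T09:00:00", "user": "etl_svc", "ip": "192.0.2.10", "first": "PASSWORD", "second": None, "ok": True},
]


def audit_logins(events, baseline_end):
    """Return (single_factor_users, alerts).

    single_factor_users: users with at least one successful password-only login.
    alerts: successful password-only logins after baseline_end from an address
    the user never logged in from during the baseline window.
    """
    cutoff = datetime.fromisoformat(baseline_end)
    known_ips = defaultdict(set)   # user -> addresses seen during the baseline
    single_factor = set()
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if not e["ok"]:
            continue  # failed attempts never established a session
        password_only = e["first"] == "PASSWORD" and e["second"] is None
        if password_only:
            single_factor.add(e["user"])
        if datetime.fromisoformat(e["ts"]) <= cutoff:
            known_ips[e["user"]].add(e["ip"])
        elif password_only and e["ip"] not in known_ips[e["user"]]:
            # A stolen password is sufficient here: no second factor, new origin.
            alerts.append((e["user"], e["ip"], e["ts"]))
    return sorted(single_factor), alerts


if __name__ == "__main__":
    users, alerts = audit_logins(EVENTS, "2024-03-31T23:59:59")
    print("Accounts logging in without MFA:", users)
    for user, ip, ts in alerts:
        print(f"ALERT {ts}: password-only login for {user} from new address {ip}")
```
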
Ticketmaster Data Breach Claims & Compensation For Consumers
According to Capital Law, consumers filed a lawsuit against Ticketmaster as well as its parent company, Live Nation. Consumers sought “damages of at least $5 million for affected users, plus legal fees and costs.”
The claim alleged that Ticketmaster “failed to implement reasonable and adequate security measures to protect its users’ information.” Additionally, the claim also mentioned that even though the platform was well aware of the breach and the “significant risk of a cyberattack,” they did not warn the users.
Ticketmaster’s website and privacy policies stated that sufficient security measures were in place to protect data that they shared with third parties. However, the claimants say that Ticketmaster did not ensure that its third-party cloud database, Snowflake, enforced these safeguards – i.e., it “could and should” have implemented measures to prevent the breach.
In addition, the claimants say that Ticketmaster failed to alert users that their data had been compromised in a timely manner. They claim that the company was aware of the breach as early as April 2024. However, it did not notify users of that breach until July 2024.
Ticketmaster Data Breach: Business & Regulatory Implications
In a bad turn of events for Live Nation, the company will have to pay hundreds of millions of dollars to the affected digital users. Additionally, they might even have to face class-action lawsuits in the United States.
The complaints against the company state that the security measures were not even the most basic ones and that there was a total “failure … to implement and follow” them.
Authorities could also open a probe under data protection laws (e.g., the GDPR in Europe) if they found that Live Nation had inadequately safeguarded customer data, especially given the large volume of it.
Other jurisdictions (UK, EU) would be monitoring the situation very closely, specifically in terms of:
- Data transfers across borders.
- Management of contractors.
- Risks related to the use of cloud services.
Business Risks
- Cost of remediation: This includes a forensic investigation, regulatory reporting, customer notifications, and possibly credit-monitoring services, as well as litigation.
- Damage to reputation: Trust in Ticketmaster may diminish. Thereby, it will affect future ticket sales, particularly among consumers sensitive to privacy issues.
- Investor risk: Although Live Nation, in one of its filings, said that the Data Breach at Ticketmaster was “unlikely to have a material impact on its business”, according to Reuters, the brand and regulatory risks over the long run might have a negative effect on shareholder sentiment.
Industry Implications
After the Ticketmaster data breach incident, the rest of the ticketing industry has become alert. They might also want to take a closer look at their:
- Use of cloud.
- Relationships with contractors.
- Risk management approach.
The live-arts ecosystem (promoters, venues, artists) could become more and more insistent on receiving robust data security assurances from their ticketing partners.
The breach might be the reason that the live entertainment sector sees the need for stricter government regulations or industry standards regarding the risks of using third-party cloud services.