Live Nation Entertainment confirmed that a data breach has taken place on the Ticketmaster system, as reported this week. The entertainment giant has not confirmed any details regarding the scope or timing of the breach, which reportedly involves more than half a billion user accounts, according to a “hacker” group claiming to offer the data for sale on the dark web.

From the SEC filing, shared Friday:

On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened. On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.
As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.

As reported on Wednesday, the “hacker” group ShinyHunters has claimed it has cracked the Ticketmaster system and accessed some 1.3 terabytes of data, which includes names, addresses, credit card numbers, phone numbers, and payment details, involving 560 million customers globally. The information is said to be up for sale on the dark web, with an asking price of $500,000.

TFL and ATBS for ticketing professionals

While it is unclear which markets were impacted in the hack, or what percentage of consumers impacted are from what markets, the risk for any impacted consumer is very high, given the highly sensitive data that appears to be involved.

In a statement on X, VX-Underground said ShinyHunters did not carry out the attack itself, but rather, acted as a proxy for the threat group responsible. VX-Underground went on to note that based on the data provided to them by the threat group, “we can assert with a high degree of confidence the data is legitimate.” The date ranges in the database reportedly go back to 2011, with some dates showing information from the mid-2000s.

VX-Underground said the data shared with them includes:

  • Full Name
  • Email address
  • Address
  • Telephone number
  • Credit card number (hashed)
  • Credit card type, authentication type
  • All user financial transactions

“The data provided to us, even as a ‘sample’, was absurdly large and made it difficult to review in depth,” VX-Underground said. “We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.”

While this wouldn’t be the first time Ticketmaster suffered a data breach, this hacker claim would be among the largest ever reported.