Entertainment giant Live Nation and its ticketing subsidiary Ticketmaster are targeted in a proposed class action after the personal data of more than half a billion consumers were up for sale on the dark web after a confirmed data breach.
The proposed class action alleges the data breach — which came to light last week — was a direct result of Live Nation and Ticketmaster’s failure to implement “adequate and reasonable” cybersecurity procedures and protocols. The suit was filed on May 29 in the U.S. District Court for the Central District of California.
“This Data Breach occurred because Ticketmaster enabled an unauthorized third party to gain access to and obtain former and current Ticketmaster customers’ Private Information from Ticketmaster’s internal computer systems,” the complaint said.
In an SEC filing, shared on Friday, May 31, Live Nation said it identified unauthorized activity on May 20, 2024, and subsequently, launched an investigation.
The “hacker” group ShinyHunters said it cracked the Ticketmaster system and accessed some 1.3 terabytes of data, which includes names, addresses, credit card numbers, phone numbers, and payment details, involving 560 million customers globally. While it is unclear which markets were impacted in the hack, or what percentage of consumers impacted are from what markets, the risk for any impacted consumer is very high, given the highly sensitive data that appears to be involved.
| READ: Snowflake Says ‘No Evidence’ Its Platform Is at Fault for Ticketmaster Breach |
In a statement on X, VX-Underground said ShinyHunters did not carry out the attack itself, but rather, acted as a proxy for the threat group responsible. VX-Underground went on to note that based on the data provided to them by the threat group, “we can assert with a high degree of confidence the data is legitimate.” The date ranges in the database reportedly go back to 2011, with some dates showing information from the mid-2000s.
VX-Underground said the data shared with them includes:
- Full Name
- Email address
- Address
- Telephone number
- Credit card number (hashed)
- Credit card type, authentication type
- All user financial transactions
“The data provided to us, even as a ‘sample’, was absurdly large and made it difficult to review in depth,” VX-Underground said. “We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.”
While this wouldn’t be the first time Ticketmaster suffered a data breach, this hacker claim would be among the largest ever reported.