An Illinois judge has dismissed the class action lawsuit filed against Eventbrite over the Ticketfly hack.
Claimants have until July 9th to file an amended complaint.
Last May, a hacker sent emails to Ticketfly about security flaws that existed in its WordPress blog. When Ticketfly did not address the issue, the hacker, calling himself ‘Ishakdz,’ breached the site and gained access to 26 million user’s information.
Ishakdz asked Ticketfly to supply one bitcoin (worth about $7,500 at the time) in exchange for the data.
When Ticketfly didn’t pay the hacker’s ransom, he posted all 26 million customer’s information online. That information included names, addresses, emails, passwords, phone numbers, and credit card details. The event prompted Ticketfly’s parent company Eventbrite to be named in a class action lawsuit over the breach.
Eventbrite formally responded to the lawsuit in March by asking the judge to dismiss the case. Eventbrite said the claimants had failed to prove that they bought their tickets from Ticketfly.
Lawyers also argued that even if the data grab had impacted the claimants, they could not prove that direct harm resulted.
Judge Michael T. Mullen agreed with Eventbrite’s assessment of the situation. He dismissed the lawsuit as it currently stands and said plaintiffs would need to explain how their contract with Eventbrite had been breached. In addition, plaintiffs must provide evidence that the data hack caused concrete injury.
Plaintiffs in the case argued that having to pay to monitor their credit was tangible harm, but the judge disagreed. He told plaintiffs that “potential harm” is not a viable reason to proceed with the suit. If the two plaintiffs amend the lawsuit with new evidence by July 9th, it can continue, however.
If the plaintiffs do provide sufficient evidence, Eventbrite plans to claim that the lawsuit should be judged in California rather than Illinois. Judge Mullen said he would consider that argument if the plaintiffs file an amended lawsuit by the deadline.