Ticketmaster Fined $10 Million for Hacking Into a Competitor’s Servers and Stealing Information

Federal Judge Dismisses Class-Action Lawsuit Against Ticketmaster

Ticketmaster has been fined $10 million for allegedly hacking a rival ticketing platform and stealing sensitive information between 2013 and 2015, the Department of Justice announced in a formal release.

Federal prosecutors levied five charges, including wire fraud and computer intrusion, against Ticketmaster for allegedly accessing “without authorization the computer systems of a competitor.” The episodes that spurred the charges occurred after a former Crowdsurge exec joined the Live Nation team in 2013.

For background, Crowdsurge in 2015 merged with live music platform Songkick, which sold “selected assets” – unrelated to ticketing, it bears mentioning – to Warner Music Group in July of 2017. Even before the sale, however, WMG parent Access Industries was a major backer of Songkick. Additionally, Songkick levied a massive antitrust lawsuit against Ticketmaster/Live Nation.

In early 2018, shortly before the case was scheduled to head to trial, Live Nation paid $110 million to settle the suit and another (undisclosed) amount to acquire the Songkick ticketing assets that WMG had opted not to purchase.

The complaint alleged in part that the aforementioned former Crowdsurge employee (named Stephen Mead, though the identity isn’t disclosed in the DOJ release) had delivered a large number of documents and passwords – about the company that he previously worked for, that is – to Ticketmaster higher-ups (specifically, former head of artist services Zeeshan Zaidi).

This information included “draft ticketing web pages” for artists (which hadn’t been made publicly available) as well as “multiple sets of usernames and passwords for Toolboxes,” password-protected apps “that provided real-time data about tickets sold through the victim company.”

By monitoring the draft webpages (which were neither password protected nor listed in search engines), “Ticketmaster could identify the victim company’s clients and attempt to dissuade them from selling tickets through the victim company.”

Mead had signed a non-disclosure agreement before exiting Crowdsurge, and Zaidi in October of 2019 pled guilty “to conspiring to commit computer intrusions and wire fraud based on his participation” in the effort to access confidential information, according to the DOJ.

Mead and Zaidi departed the company in 2017, and in a statement concerning the just-announced $10 million fine, Ticketmaster said of the team members who purportedly spearheaded the digital-espionage undertaking: “Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”

As part of the $10 million deferred-prosecution deal, Ticketmaster “will maintain a compliance and ethics program designed to prevent and detect violations of the Computer Fraud and Abuse Act and other applicable laws,” besides preventing the “unlawful acquisition” of competitors’ confidential information moving forward.

“Ticketmaster will also report to the United States Attorney’s Office annually during the three-year term of the agreement regarding these compliance measures,” the DOJ message proceeds, noting that the Live Nation subsidiary will face prosecution for the five charges if it violates the terms of the agreement.

Earlier this month, a federal judge ruled that an angry customer couldn’t take his class-action complaint against Ticketmaster to trial because the company’s terms of service contain an enforceable arbitration agreement. Separately, competing ticketing platform Lyte raised $33 million in a Series B funding round.

2 Responses

  1. Avatar
    Sam

    And, typical with most government lawsuits, the recovery won’t go to the damaged parties, but to the federal coffers. Ain’t that justice?!