Live Nation issued a Securities And Exchange Commission filing on Friday confirming that it is investigating what it calls “unauthorised activity” on a “a third-party cloud database environment” containing data from its Ticketmaster division.
Hackers last week claimed to have accessed personal data relating to more than half a billion Ticketmaster customers, in a data breach that has been connected to a similar hack impacting the bank Santander, with both companies being clients of cloud storage provider Snowflake.
Snowflake has denied that the breaches are the fault of its system, saying “we do not believe this activity is caused by any vulnerability, misconfiguration or malicious activity within the Snowflake product”. It blames the attacks on “unrelated cyber threat activity” that left “customers’ user credentials exposed”.
In more simple terms, the suggestion is that someone at Ticketmaster had their Snowflake credentials compromised, which allowed hackers access to the data.
Ahead of Friday’s SEC statement, Live Nation’s failure to formally comment on the hacking claims was criticised in a class action lawsuit led by two Ticketmaster customers.
The lawsuit noted that, at the point of filing the litigation, the live giant had not “released a statement nor notified its customers that their private information has been compromised and is likely in the hands of threat actors”.
As a result of Live Nation's failure to quickly communicate, it went on, “Ticketmaster consumers are in the dark, unaware that their private information may be used to effectuate identity theft, phishing scams, plunging credit scores and related cybercrimes”.
In December 2023, the SEC introduced a controversial new rule that required publicly traded companies to disclose “material” cybersecurity incidents “within four business days after the company determines the incident to be material”.
In the statement that Live Nation filed with the SEC, it said that it first identified the “unauthorised activity” on 20 May. In response, Live Nation launched an investigation working with “industry-leading forensic investigators”.
Last week the hacker group ShinyHunters posted its claim to have accessed personal data relating to 560 million Ticketmaster customers, putting that data up for sale on the dark web. In response to that Live Nation said that it is, “working to mitigate risk to our users and the company” and has “notified and is cooperating with law enforcement”.
In terms of the impact of the data hack, Live Nation’s statement continues, “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing”.
However, depending on the outcome of investigations - including by data protection authorities around the world - as well as the class action lawsuit, that may be a somewhat optimistic assessment. In 2020, the UK Information Commissioner’s Office fined Ticketmaster £1.25 million following a much smaller data breach in 2018 that affected about 40,000 customers.
The speedily filed class action lawsuit in the California courts seeks to represent any American Ticketmaster customer whose personal data was allegedly hacked. It claims that the data breach was the result of Live Nation’s “failure to implement adequate and reasonable cybersecurity procedures and protocols, consistent with the industry standard”.
The lawsuit then claims that Ticketmaster customers are now incurring the cost and hassle of “mitigating the effects of the attack”, so changing passwords, monitoring bank statements for fraudulent charges, and carefully screening phone calls and emails for possible scams.
On top of that, there is the “emotional distress” and “the imminent risk of future harm” depending on what happens to the hacked data.
It was also ShinyHunters that last week claimed to have stolen data relating to customers and employees of the bank Santander. According to the BBC, cyber-security company Hudson Rock linked the Ticketmaster and Santander data breaches, stating that they are both part of a major ongoing hack of Snowflake’s platform.
However, Hudson Rock has since removed its blog post that made the connection between Santander, Ticketmaster and Snowflake.