Skip to main content
close search
site logo
Dive Brief

Live Nation confirms Ticketmaster data breach after proposed class action

The breach, which reportedly exposed the personal data of more than 500 million consumers to the “dark web,” was the direct result of poor cybersecurity measures, the lawsuit alleges.

Published June 4, 2024
Alexei Alexis's headshot
Reporter
The Live Nation app is seen in photo.
Michael M. Santiago via Getty Images

Dive Brief:

  • Ticketmaster owner Live Nation Entertainment on Friday confirmed that it was the victim of a cyberattack that compromised customer data, characterizing the likely financial impact as immaterial for now.
  • In a securities filing, the company said it launched an investigation after discovering "unauthorized activity within a third-party cloud database" environment containing company data on May 20. A week after the discovery, a “criminal threat actor” offered what it alleged to be company user data for sale on the “dark web,” according to the disclosure, which was made in what’s known as an Item 8.01 Form 8-K filing.
  • “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations,” the filing said. “We continue to evaluate the risks and our remediation efforts are ongoing.”

Dive Insight:

A proposed class action lawsuit against Live Nation and Ticketmaster alleges that the breach was a direct result of the defendants’ failure to implement “adequate and reasonable” cybersecurity procedures and protocols.

The suit was filed on May 29 in the U.S. District Court for the Central District of California on the heels of news reports saying that a cybercriminal group called ShinyHunters claimed it had stolen personal data belonging to more than 500 million Ticketmaster customers. The group's post said the data was available for purchase for $500,000 in a “one-time sale,” according to a CBS News article.

“This Data Breach occurred because Ticketmaster enabled an unauthorized third party to gain access to and obtain former and current Ticketmaster customers’ Private Information from Ticketmaster’s internal computer systems,” the complaint said.

Under rules adopted by the Securities and Exchange Commission last year, public companies are required to report a “material” cybersecurity incident to the agency in an Item 1.05 Form 8-K within four days of determining the breach is material. The agency recently clarified that the rules aren’t intended for reporting immaterial incidents, although it welcomes such disclosures under a different filing category.

“I recognize the value of such voluntary disclosures to investors, the marketplace, and ultimately to companies, and this statement is not intended to disincentivize companies from making those disclosures,” Erik Gerding, director of the SEC’s Division of Corporation Finance, said in a May 21 statement. “Rather, this statement is intended to encourage the filing of such voluntary disclosures in a manner that does not result in investor confusion or dilute the value of Item 1.05 disclosures regarding material cybersecurity incidents.”

If a company chooses to disclose a breach for which it has not yet made a materiality determination, or one that was determined to not be material, the Division of Corporation Finance encourages the company to disclose that incident under a different item of Form 8-K, such as Item 8.01, Gerding said.

Editors' picks

Company Announcements

View all | Post a press release
Pharmaceutical Executive Taggart McGurrin Featured on Life Sciences 360 Podcast
From Wild Fig Advertising
October 29, 2024
Basware’s New GenAI Tool Transforms Insights for CFOs
From Basware
October 29, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell