Ticketmaster Fined $10m

Uploaded on 2021-01-11 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Law

Ticketmaster operates a platform for consumers to buy tickets for events including music concerts and sporting events. 

A group of Ticketmaster executives created a hacking attack against a rival concert pre-sales firm, with the aim to take down its business and now Ticketmaster has agreed to pay a criminal fine of $10 million (£7.3m) after staff admitted to hacking into a rival firm's systems in order to "choke off" their presale ticket business. US prosecutors say the goal was to “steal back” key clients. 

Under the terms of the settlement, Ticketmaster will pay a criminal penalty of $10 million and will maintain a “compliance and ethics program designed to prevent and detect violations” of computer-hacking laws as well as to prevent the “unauthorised and unlawful acquisition of confidential information belonging to competitors.”  

The US Department of Justice (DoJ) said employees of Ticketmaster, a subsidiary of Live Nation Entertainment, "repeatedly" infiltrated the computers of a rival presale tickets seller. According to the US Eastern District Court of New York, a former employee of the victim firm, Crowdsurge which maintained a presence in both the UK and New York until 2017, left their post in 2012 to join Live Nation. 

Despite signing a confidentiality agreement before entering their new employment, this individual, instead, entered into a scheme designed to disrupt the competitor's business operations.  

The DoJ says that after joining Live Nation in 2013, the co-conspirator shared confidential information with Ticketmaster employees including the former head of the Artist Services division Ahmed Zeeshan Zaidi.  Ticketmaster's rival offered presale tickets before they were made available to the general public and created a password-protected app for artists to track their ticket sales, known as ToolboxesThe unnamed conspirator was promoted and given a raise the year following. Ticketmaster employees continued to lurk in Toolboxes and maintained a spreadsheet of all account URLs until the end of 2015.

One of the overall goals was to "steal back one of the victim company's signature clients," US prosecutors said, and if successful, this would "choke off" the Ticketmaster rival, "cutting them off at the knees."  

A senior executive of Live Nation asked Zaidi and others to prepare a presentation comparing Ticketmaster pre-sale to the rival's Toolboxes, and the team obliged, by once again using the stolen passwords, this time in public.  Employees involved in the scheme were fired. US prosecutors filed five criminal counts against Ticketmaster, including wire fraud and conspiring to commit computer intrusion. In a separate but related case, Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud.  

Ticketmaster will pay a criminal penalty of $10 million and has agreed to submit to a three-year deferred prosecution agreement including the creation of a new compliance and ethics program. The ticket seller must also report to the United States Attorney's Office annually until the agreement expires.  

US Dept. of Justice:        Variety:     Threatpost:       ITPro:        ZDNet

You Might Also Read:

Flight Ticket Fraud Alert:

 

« WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud
Cyber Security Training Drill »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.