Ticketmaster Fined $10m

Ticketmaster operates a platform for consumers to buy tickets for events including music concerts and sporting events. 

A group of Ticketmaster executives created a hacking attack against a rival concert pre-sales firm, with the aim to take down its business and now Ticketmaster has agreed to pay a criminal fine of $10 million (£7.3m) after staff admitted to hacking into a rival firm's systems in order to "choke off" their presale ticket business. US prosecutors say the goal was to “steal back” key clients. 

Under the terms of the settlement, Ticketmaster will pay a criminal penalty of $10 million and will maintain a “compliance and ethics program designed to prevent and detect violations” of computer-hacking laws as well as to prevent the “unauthorised and unlawful acquisition of confidential information belonging to competitors.”  

The US Department of Justice (DoJ) said employees of Ticketmaster, a subsidiary of Live Nation Entertainment, "repeatedly" infiltrated the computers of a rival presale tickets seller. According to the US Eastern District Court of New York, a former employee of the victim firm, Crowdsurge which maintained a presence in both the UK and New York until 2017, left their post in 2012 to join Live Nation. 

Despite signing a confidentiality agreement before entering their new employment, this individual, instead, entered into a scheme designed to disrupt the competitor's business operations.  

The DoJ says that after joining Live Nation in 2013, the co-conspirator shared confidential information with Ticketmaster employees including the former head of the Artist Services division Ahmed Zeeshan Zaidi.  Ticketmaster's rival offered presale tickets before they were made available to the general public and created a password-protected app for artists to track their ticket sales, known as ToolboxesThe unnamed conspirator was promoted and given a raise the year following. Ticketmaster employees continued to lurk in Toolboxes and maintained a spreadsheet of all account URLs until the end of 2015.

One of the overall goals was to "steal back one of the victim company's signature clients," US prosecutors said, and if successful, this would "choke off" the Ticketmaster rival, "cutting them off at the knees."  

A senior executive of Live Nation asked Zaidi and others to prepare a presentation comparing Ticketmaster pre-sale to the rival's Toolboxes, and the team obliged, by once again using the stolen passwords, this time in public.  Employees involved in the scheme were fired. US prosecutors filed five criminal counts against Ticketmaster, including wire fraud and conspiring to commit computer intrusion. In a separate but related case, Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud.  

Ticketmaster will pay a criminal penalty of $10 million and has agreed to submit to a three-year deferred prosecution agreement including the creation of a new compliance and ethics program. The ticket seller must also report to the United States Attorney's Office annually until the agreement expires.  

US Dept. of Justice:        Variety:     Threatpost:       ITPro:        ZDNet

You Might Also Read:

Flight Ticket Fraud Alert:

 

« WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud
Cyber Security Training Drill »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.