A class action lawsuit has been filed against Live Nation’s Ticketmaster following a massive data breach that exposed the personal information of up to 560 million users. The breach, which occurred in April 2024, allowed the hacker group ShinyHunters to access and steal names, addresses, emails, phone numbers, and credit card information. The company took nearly two months to detect the breach and another four months to notify affected users, leading to the legal action.
The lawsuit, filed in a California federal court, accuses Ticketmaster of failing to implement adequate security measures to protect against cyberattacks. It also faults the company for not ensuring its cloud computing vendor, Snowflake, adhered to appropriate data security standards. The plaintiffs seek at least $5 million in damages, citing negligence, unjust enrichment, and breach of implied contract.
ShinyHunters has been responsible for several high-profile breaches in recent years, including hacks of AT&T and GitHub. The group reportedly demanded a ransom of $500,000 to avoid selling the stolen data on the dark web. Users affected by the breach claim they now face increased risks of identity theft and fraud due to Ticketmaster’s data retention policies.
The incident comes as Ticketmaster faces additional scrutiny, with the U.S. Department of Justice having filed an antitrust lawsuit against the company earlier this year. Ticketmaster has yet to issue a comment on the data breach lawsuit.