Ticketmaster handed $10m fine for hacking into rival company
Ticketmaster has been slapped with a $10m (£7.4m) fine after it was charged with repeatedly hacking into the computer systems of a rival company.
In court documents filed last week, the Department of Justice (DoJ) said several Ticketmaster employees used stolen passwords to access confidential information in a bid to “choke off” competition from a rival ticket seller.
“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorisation using stolen passwords to unlawfully collect business intelligence,” said acting US attorney Seth DuCharme.
“Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.”
The hacking scheme
According to the court filing, the charges relate to a former employee of the victim company, who joined Ticketmaster parent company Live Nation in 2013.
The employee was not named in the documents, but was identified as former director of client relations Stephen Mead by Ticketmaster.
Mead illegally retained usernames and passwords and passed them to Ticketmaster employees including Zeeshan Zaidi, former head of Artist Services division.
Ticketmaster then monitored its rival’s draft ticketing web pages, enabling it to find out which artists planned to work with its competitor.
It also hacked into so-called artist toolboxes, a password-protected app providing real-time data about ticket sales.
A Ticketmaster executive said the objective was to “choke off” the rival company and “steal back one of [its] signature clients.”
The filing did not name the victim company, but it has been reported by multiple media outlets as now-defunct website Songkick.
Mead was promoted and given a raise, while Ticketmaster employees continued to access the rival company’s Artist Toolbox until December 2015.
“Ticketmaster terminated both Zaidi and Mead in 2017, after their conduct came to light,” a company spokesperson said.
“Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”
The charges
Ticketmaster has agreed to pay a $10m fine and will be subject to a three-year monitoring period by the US attorney’s office.
In October 2019 Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud based on his participation in the same scheme.
“Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court,” said US attorney DuCharme.
It comes two months after Ticketmaster was hit with a £1.25m fine by the UK data watchdog for failing to keep its customers’ personal data secure.
The Information Commissioner’s Office penalty related to a cyber attack in 2018 which potentially compromised data belonging to more than 9m people.