[BreachExchange] Lawsuit claims employee who moved to rival firm stole confidential info

Tue Feb 21 19:35:44 EST 2017

https://www.scmagazineuk.com/lawsuit-claims-employee-who-
moved-to-rival-firm-stole-confidential-info/article/639197/

Court filings have accused ticketing company Ticketmaster of using
information stolen from a rival firm's computers to spy on its activities.
The information was allegedly stolen by a previous employee of the firm,
who now works for Ticketmaster.

The employee in question is Stephen Mead, who was allegedly asked "to use
his knowledge of CrowdSurge's internal systems to improperly access those
systems for purposes of monitoring CrowdSurge's potential and actual
artist-clients, staying abreast of what CrowdSurge was doing and,
ultimately, to 'cut [CrowdSurge] off at the knees.'"

In 2015, SongKick (which merged with CrowdSurge), a direct rival of
Ticketmaster, brought an antitrust case in the US against Ticketmaster for
antitrust violations, anticompetitive behaviour and intentional
interference. The case is still ongoing.

New court papers filed by SongKick in California's Federal Court accuse
Ticketmaster of hiring the ex-CrowdSurge employee, who allegedly stole tens
of thousands of internal company documents from the company, and gave
Ticketmaster unauthorised access to SongKick's internal systems.

The papers filed allege that Mead kept 85,000 documents after leaving
CrowdSurge, including "confidential weekly head of department reports
containing valuable, non-public strategic and financial information; dozens
of usernames and passwords to confidential CrowdSurge tools; client lists;
presentations to CrowdSurge's board of directors; contracts; and internal
corporate business plans and strategies."

The document also alleges that Mead was "willing and eager to share the
requested confidential CrowdSurge information with [Tickermaster SVP
Zeeshan] Zaidi and others at Ticketmaster because Mead's goal, like those
of Defendants generally, was to 'bring down the hammer on CrowdSurge.'"

William Culbert, director of solutions engineering at Bomgar told SC Media
UK: “This story highlights how critical it is for companies to ensure that
only approved users – from internal employees to external vendors – can
access only specified areas of their company network in correspondence to
their role.”

One email quoted by the court filing allegedly shows Mead telling other
employees: "So ahead of our call later today I've pulled together some info
from [CrowdSurge] that might be useful insight into their operations."

Mead also allegedly provided login details to Ticketmaster employees so
they could access CrowdSurge's systems,;an email shows him warning of rash
use of such systems: "I must stress that as this is access to a live CS
tool [so] I would be careful in what you click on as it would be best not
the [sic] giveaway that we are snooping around," it said.

In a statement, Ticketmaster told Variety: "Songkick has been forced to
conjure up a new set of dubious arguments and theories, resulting in the
amended complaint they recently filed ... Songkick's amended complaint is
based on the alleged misappropriation of information that Songkick did not
even try to keep secret, in some cases could not have kept secret, and in
some cases shared with artist managers that work for Live Nation. The
claims have no legal merit and Live Nation and Ticketmaster will continue
to vigorously defend this case."

Culbert added: “This case takes this notion one step further and highlights
the demand for effective and succinct employee off-boarding processes,
removing credential access the moment an employee leaves an organisation,
as well as ensuring the employee cannot continue to access sensitive
information. To truly secure business critical information and or systems
an ethos of “zero trust” integrated with ad-hoc, time-bombed access may be
the only way of effectively securing the modern enterprise.”

SC contacted Ticketmaster for a comment but it did not respond in time for
publication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170221/cf4a8e30/attachment.html>