[BreachExchange] Law Firm Launches $6.5 Million Action Against Ticketmaster Over Data Breach

[Destry Winant]

https://www.billboard.com/articles/business/touring/8505737/law-firm-launches-65-million-action-against-ticketmaster-over-data

A British law firm has launched a £5 million ($6.5 million) legal
action against Ticketmaster following last year’s security breach,
which is believed to have affected up to 40,000 U.K. customers.

Widnes-based Hayes Connor Solicitors issued its claim at the High
Court in Liverpool on behalf of over 650 claimants. The company says
it is the first U.K. law firm to proceed with a multi-party litigation
against Ticketmaster in relation to the data breach and is pursuing
damages of up to £5 million ($6.5 million).

The U.K. arm of Ticketmaster detected a major security breach on June
23, 2018 when it identified malicious software on a third-party
customer support product hosted by Inbenta Technologies. The product
was immediately disabled across all Ticketmaster websites.

The breach was first spotted by digital bank Monzo several months
earlier. Monzo has said it notified the Live Nation-owned company
about a significant security issue on April 12, although Ticketmaster
did not publicly announce it until June 27, more than two months
later.

At the time, Ticketmaster said less than 5 percent of its global
customer base had been potentially impacted, limited mostly to the
U.K. and not affecting users in North America. It acknowledged that
some of its customers’ personal or payment information may have been
stolen by an unknown third party.

Neither Ticketmaster nor Live Nation have ever stated how many
customers’ data was accessed, although the number is understood to be
around 40,000 U.K. customers who purchased tickets between February
and June 23 of last year from Ticketmaster’s main U.K. platform, or
sister sites TicketWeb and Get Me In!

Information potentially stolen included customers’ name, address,
email address, telephone number, payment details and login details.
All  affected customers have been contacted.

In a statement, Hayes Connor managing director Kingsley Hayes said the
law firm had launched its legal action “following unsuccessful
negotiations with Ticketmaster which maintains that it is not liable
for the data breach and the subsequent damages suffered by its
customers.”

The law firm claims that more than two-thirds of its clients suffered
“multiple fraudulent transactions” as a result of the data breach. It
said the impact on those affected had been “significant stress and
heightened anxiety” and that some had to take time off work as a
result. The “effect on victims is significant and ongoing,” it added.

“Stolen personal information, particularly in instances where a
significant number of individuals are involved, is often used in
batches so some victims may yet to experience any fraudulent activity,
however, may still be at risk,” warned Hayes.

Ticketmaster declined to comment. Investigations into the security
breach by the Information Commissioner’s Office (ICO) and National
Crime Agency (NCA) -- working alongside specialist officers from the
National Cyber Crime Unit (NCCU) -- are ongoing.