Sign up for IQ Index
The latest industry news to your inbox.
Ticketfly's parent company has been hit with a class-action suit which claims it didn't do enough to prevent a cyberattack in late May
By Jon Chapple on 04 Oct 2018
Eventbrite is facing a class-action lawsuit over allegations Ticketfly’s “lax cybersecurity procedures” allowed hackers to gain access to 27 million customers’ personal data in May’s cyberattack.
Personal information including names, addresses, email addresses and phone numbers was stolen in the data breach, which led to a week-long shutdown of all Ticketfly services, as well as a number of Ticketfly.com-based venue websites, and forced several promoter partners to push back onsales or migrate to parent company Eventbrite’s platform.
While Ticketfly moved quickly to reassure clients it “takes privacy and security very seriously”, a lawsuit filed in Cook County, Illinois, on Tuesday claims otherwise, accusing the company of consumer fraud, deceptive practices, breach of contract and negligence for its supposedly poor web security – including allegedly failing to heed hackers’ warnings in the run-up to the attack – and an inadequate response once it was discovered.
Ticketfly allegedly failed to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack
Ticketfly/Eventbrite’s “lax cybersecurity procedures” allowed hackers to gain access to her and others’ personal information, says lead plaintiff Shanice Kloss, with the company allegedly failing to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack.
Additionally, claims Kloss, Ticketfly failed to notify her that her data had been compromised, instead limiting its immediate response to a “passive support page” on the Ticketfly website and a “single tweet on social media”. Consequently, she says, she did not learn about the hack until September, months after her personal data was accessed.
Kloss, represented by Jad Sheikali and William Kingston of Chicago’s McGuire Law, seeks unspecified damages and a court order forcing Ticketfly to improve its cybersecurity.
Eventbrite declined to comment.
Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.