The latest industry news to your inbox.


I'd like to hear about marketing opportunities


I accept IQ Magazine's Terms and Conditions and Privacy Policy


Eventbrite sued over Ticketfly data breach

Ticketfly's parent company has been hit with a class-action suit which claims it didn't do enough to prevent a cyberattack in late May

By Jon Chapple on 04 Oct 2018

Circuit Court of Cook County

The suit was filed in the circuit court of Cook County, Illinois

image © Seth Anderson

Eventbrite is facing a class-action lawsuit over allegations Ticketfly’s “lax cybersecurity procedures” allowed hackers to gain access to 27 million customers’ personal data in May’s cyberattack.

Personal information including names, addresses, email addresses and phone numbers was stolen in the data breach, which led to a week-long shutdown of all Ticketfly services, as well as a number of Ticketfly.com-based venue websites, and forced several promoter partners to push back onsales or migrate to parent company Eventbrite’s platform.

While Ticketfly moved quickly to reassure clients it “takes privacy and security very seriously”, a lawsuit filed in Cook County, Illinois, on Tuesday claims otherwise, accusing the company of consumer fraud, deceptive practices, breach of contract and negligence for its supposedly poor web security – including allegedly failing to heed hackers’ warnings in the run-up to the attack – and an inadequate response once it was discovered.

Ticketfly allegedly failed to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack

Ticketfly/Eventbrite’s “lax cybersecurity procedures” allowed hackers to gain access to her and others’ personal information, says lead plaintiff Shanice Kloss, with the company allegedly failing to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack.

Additionally, claims Kloss, Ticketfly failed to notify her that her data had been compromised, instead limiting its immediate response to a “passive support page” on the Ticketfly website and a “single tweet on social media”. Consequently, she says, she did not learn about the hack until September, months after her personal data was accessed.

Kloss, represented by Jad Sheikali and William Kingston of Chicago’s McGuire Law, seeks unspecified damages and a court order forcing Ticketfly to improve its cybersecurity.

Eventbrite declined to comment.


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Comments are closed.