The latest industry news to your inbox.


I'd like to hear about marketing opportunities


I accept IQ Magazine's Terms and Conditions and Privacy Policy


Eventbrite sued over Ticketfly data breach

Ticketfly's parent company has been hit with a class-action suit which claims it didn't do enough to prevent a cyberattack in late May

By Jon Chapple on 04 Oct 2018

Circuit Court of Cook County

The suit was filed in the circuit court of Cook County, Illinois

image © Seth Anderson

Eventbrite is facing a class-action lawsuit over allegations Ticketfly’s “lax cybersecurity procedures” allowed hackers to gain access to 27 million customers’ personal data in May’s cyberattack.

Personal information including names, addresses, email addresses and phone numbers was stolen in the data breach, which led to a week-long shutdown of all Ticketfly services, as well as a number of Ticketfly.com-based venue websites, and forced several promoter partners to push back onsales or migrate to parent company Eventbrite’s platform.

While Ticketfly moved quickly to reassure clients it “takes privacy and security very seriously”, a lawsuit filed in Cook County, Illinois, on Tuesday claims otherwise, accusing the company of consumer fraud, deceptive practices, breach of contract and negligence for its supposedly poor web security – including allegedly failing to heed hackers’ warnings in the run-up to the attack – and an inadequate response once it was discovered.

Ticketfly allegedly failed to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack

Ticketfly/Eventbrite’s “lax cybersecurity procedures” allowed hackers to gain access to her and others’ personal information, says lead plaintiff Shanice Kloss, with the company allegedly failing to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack.

Additionally, claims Kloss, Ticketfly failed to notify her that her data had been compromised, instead limiting its immediate response to a “passive support page” on the Ticketfly website and a “single tweet on social media”. Consequently, she says, she did not learn about the hack until September, months after her personal data was accessed.

Kloss, represented by Jad Sheikali and William Kingston of Chicago’s McGuire Law, seeks unspecified damages and a court order forcing Ticketfly to improve its cybersecurity.

Eventbrite declined to comment.


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

More news

Ridiculous lawsuit of the week: TM sued over Hamil... After buying tickets for the wrong date, a Houston lawyer is taking Ticketmaster to court, alleging breach of contract
StubHub trade secrets lawsuit rumbles on The lawsuit alleges StubHub and eBay were aware of – and encouraged – a plan to steal proprietary data, a claim strenuously denied by the leading...secondary ticketer
TM promises review as TradeDesk lawsuits mount NA pres Jared Smith says Ticketmaster is reviewing all accounts to check compliance with its terms of service, as lawyers take aim following last...week's CBC exposé
TicketNetwork sues NYAG to defend speculative rese... The resale site has sought the protection of New York's supreme court, as attorney-general Barbara Underwood presses on with plans to sue over...speculative ticket listings
Ticketfly back online, confirms 27m accounts compr... All Ticketfly services are back to normal, with 27m accounts now known to have been compromised – albeit containing only 32% unique customer data