"The Ticketmaster data breach: multi-million class action claim", 5 November 2024

Following our June article discussing the investigation of the potential data breach of over 500 million Ticketmaster customers, the ticket distribution company is now facing a multi-million dollar class action claim in the US for negligent behaviour before the breach (along with unjust enrichment and breach of implied contract).

The claim has been filed against Ticketmaster (and its parent company Live Nation Entertainment), and seeks damages of at least $5 million for affected users, plus legal fees and costs.

It alleges that Ticketmaster failed to implement reasonable and adequate security measures to protect its users’ information, and that Ticketmaster was aware of the significant risk of a cyberattack. Ticketmaster’s website and privacy policies claimed sufficient security measures were in place when data was shared with third parties. However, the claimants say that Ticketmaster did not ensure that its third-party cloud database, Snowflake, was enforcing these safeguards – i.e. it “could and should” have implemented measures that would have stopped the breach.

In addition, the claimants say that Ticketmaster failed to alert users that their data had been compromised in a timely manner. They claim that the company was aware of the breach from as early as April 2024 but failed to produce a notification of that breach not taking place until July 2024...