Business News Legal Live Business Top Stories

Ticketmaster sued over UK data breach

By | Published on Friday 5 April 2019


A law firm in Widnes has filed a lawsuit against Ticketmaster in relation to the security breach that occurred on the Live Nation ticketing firm’s UK sites last year. It’s thought up to 40,000 people could have been affected by last year’s data hack, while law firm Hayes Connor says that its legal action – which seeks damages of up to £5 million – is on behalf of over 650 Ticketmaster customers.

Ticketmaster UK confirmed it had identified a major security breach on its system in late June last year. At the time the company said the breach was caused by malicious software on a third-party customer support product it used hosted by tech company Inbenta Technologies. That product was immediately disabled across the firm’s websites and all the customers who may have been affected were contacted.

Digital bank Monzo subsequently revealed that it had spotted the breach several months earlier, adding that it had alerted the Live Nation company to the problem on 12 Apr, more than two months before the ticketing firm alerted customers to the issue.

Although it was never confirmed exactly how many customers had their data stolen during the breach, it’s thought the hack could have affected up to 40,000 people, mainly in the UK, who had bought tickets from the main Ticketmaster UK website – or sister sites TicketWeb or Get Me In! – between February and June last year. Customer data potentially accessed during the hack included addresses, phone numbers, payment info and login details.

Hayes Connor, a law firm that specialises in data protection, has been encouraging any Ticketmaster customers affected by breach to get in touch. It now has over 650 claimants on board and has filed litigation with the High Court in Liverpool.

The law firm’s MD Kingsley Hayes told reporters that they had gone legal after “unsuccessful negotiations” to try to agree an out of court settlement with Ticketmaster.

Noting how the ticketing firm “failed to action the breach until two months after it was alerted to the fact by digital bank Monzo”, he then added that “more than two thirds of our clients have suffered multiple fraudulent transactions since the serious data breach”, while the rest were still at risk of having their data used in fraudulent ways.

“While the Ticketmaster data breach hit the headlines some time ago, the effect on victims is significant and ongoing”, he went on. “Stolen personal information, particularly in instances where a significant number of individuals are involved, is often used in batches, so some victims may yet to experience any fraudulent activity, however, may still be at risk”.

He concluded: “Individuals who were alerted to the data breach by Ticketmaster can still join our action to claim compensation but must act to do so in the next few weeks”.

The big Ticketmaster hack was confirmed a month after that week when everyone had data protection law pushed very much into their faces as the European Union’s General Data Protection Regulation went live. After confirming the breach, Ticketmaster said it was confident it had complied with GDPR rules in the way it had responded to the incident, despite Monzo revealing that the firm had initially denied there was any problem two months earlier.

Actually, given the breach had occurred before GDPR even came into force, it’s not clear whether those new rules, or pre-existing data protection law, would apply anyway. Investigations by the UK’s National Crime Agency and Information Commissioner’s Office into the incident are also ongoing, the latter saying last year that it was still to decide which set of data protection regulations should apply to the case. With litigation now filed, it remains to be seen what legal arguments Hayes Connor and Ticketmaster present.

Elsewhere in Ticketmaster legal news, over in the US a customer who sued the company over its secondary ticketing business has been told he must take his dispute to arbitration.

Allen Lee sued Ticketmaster last year alleging that – by working with touts who resell tickets that had originally been bought on its own primary site – the ticketing giant was violating competition and consumer protection laws Stateside.

Ticketmaster responded to the lawsuit by arguing that the terms and conditions Lee had agreed to when buying his tickets from the company said that any future legal dispute must be taken to independent arbitration before any court of law.

Yesterday, the Californian judge overseeing the case agreed with Ticketmaster, dismissing Lee’s lawsuit and telling him to go ahead with arbitration instead. Another judge overseeing a similar case, also in California, also recently indicated he’d let Ticketmaster enforce its arbitration term against the customer pursuing that bit of litigation.