Criminal computer intrusion fine imposed on Ticketmaster by the US DoJ, after it repeatedly accessed computer system of a rival
Ticketmaster has been handed a stiff financial penalty after it repeatedly accessed computer system of a rival called Songkick.
Reuters reported that Ticketmaster has to pay $10 million to settle five criminal counts including wire fraud, conspiracy and computer intrusion.
The fine is reportedly part of a three-year deferred prosecution agreement between Ticketmaster and the US Department of Justice, which was disclosed at a Wednesday hearing before US District Judge Margo Brodie in Brooklyn federal court.
The agreement also requires the Beverly Hills, California-based Ticketmaster to maintain compliance and ethics procedures designed to detect and prevent computer-related theft.
Ticketmaster is mostly known for its main business of selling and distributing tickets to concerts and other events.
In November this year, the UK’s Information Commissioner’s Office fined Ticketmaster UK £1.25 million for failing to keep its customers’ personal data secure.
That ICO fine was because it “found that the company failed to put appropriate security measures in place to prevent a cyber-attack in 2018 on a chat-bot installed on its online payment page.”
But this week Ticketmaster now has to pay $10 million because it repeatedly accessed the computer systems of a rival whose assets its parent Live Nation Entertainment later purchased, Reuters reported.
According to US prosecutors, from August 2013 to December 2015, Ticketmaster employees used stolen passwords to repeatedly access computers belonging to its rival to obtain confidential business information.
The victim, Songkick, specialised in artist presales, in which some tickets – often around 8 percent – are set aside for fans before general ticket sales begin, in part to foil scalpers.
US prosecutors stated Ticketmaster was hoping to “choke off” the company and lure major clients away, and that one employee in the scheme was rewarded with a promotion and a raise.
Zeeshan Zaidi, who once led Ticketmaster’s Artist Services division, pleaded guilty to a related charge in October 2019. He has yet to be sentenced, Reuters reported.
Ticketmaster reportedly fired Zaidi and the other employee in October 2017.
“Their actions violated our corporate policies and were inconsistent with our values,” it said in a statement on Wednesday. “We are pleased that this matter is now resolved.”
In January 2018, Reuters reported that Live Nation reached a $110 million settlement with Songkick to resolve an antitrust lawsuit Songkick had filed, and agreed to buy Songkick’s remaining technology assets and patent portfolio.
One security expert said this case demonstrated how an organisation can be let down by a rogue employee, which is more of a risk with staff now remote working.
“This is an extremely rare outcome to what was a rather interesting situation,” explained Jake Moore, cybersecurity specialist at ESET. “Ticketmaster have honourably paid a fine as they were ultimately responsible for what their staff carried out, even though they would have struggled to completely mitigate this from occurring.”
“Spotting bad actors from within an organisation takes much more than machine learning and algorithms,” said Moore. “The problems are increased with the rise in home working too, where staff are not shadowed by other employees whilst in work hours. This makes for an even more inviting breeding ground for employees to go rogue.”
“It is vital that there are procedures in place to watch for data misuse, but it takes the efforts of everyone in a company to help spot any discrepancies that might lead to a loss of intellectual or private data,” Moore concluded.