Imagine being a company that got hacked and then hacked others. That is Ticketmaster Entertainment for you. In 2018, Ticketmaster UK was hacked and is one of the earliest companies hit by the Magecart attacks.
The information stolen included addresses, names, phone numbers, payment details, and Ticketmaster login details.
However, the company is now agreeing to pay a $10 million fine to avoid criminal charges alleging that it hacked the computer network run by one of its rivals, Songkick (formerly known as CrowdSurge).
The $10 million payment is in addition to the $100 million the company paid to settle a civil suit filed in 2018 by Songkick.
The unsavoury Ticketmaster
In what is a very sleazy story, Ticketmaster used employees to hack CrowdSurge/Songkick to get details of artists that hired the company to sell up to $10% of the seats in tours, using fan clubs. For Ticketmaster, this was seen as something that would eat into its market share.
The hacking effort wasn’t a one-time thing but was done in 2012 and 2015, with details shared at the Board level at Ticketmaster.
Acting U.S. Attorney DuCharme, said in a statement that Ticketmaster employees repeatedly and illegally accessed their rival’s computers and stole confidential information for business intelligence.
DuCharme added that the employees had a division-wide summit where the stolen passwords were used to hack company computers as if it were not an unlawful business practice. The resolution reached shows that any company which does anything like this should expect to be brought to justice in federal court.
Ticketmaster will also be required to have a compliance and ethics program, to prevent and detect violations and avoid the wrongful acquisition of competitor information.
The company will also have to report to the U.S. Attorney’s General Office every year for three years to prove compliance.