Ticketmaster Will Pay $10 Million Fine to Settle Federal Charges It Hacked Rival’s System
Ticketmaster agreed to pay a $10 million criminal fine to avoid prosecution over charges that it illegally accessed systems of a startup rival to steal proprietary info in an attempt to “choke off” the smaller company’s business, federal authorities said.
On Wednesday, the ticketing giant entered a three-year deferred prosecution agreement in federal court in Brooklyn to resolve five counts of computer intrusion and fraud offenses.
Under the terms of the settlement, Ticketmaster will pay a criminal penalty of $10 million and will maintain a “compliance and ethics program designed to prevent and detect violations” of computer-hacking laws as well as to prevent the “unauthorized and unlawful acquisition of confidential information belonging to competitors.” Ticketmaster also is required to report to the U.S. Attorney’s Office annually for the next three years about the company’s compliance with the measures.
Ticketmaster, owned by Live Nation Entertainment, did not respond to a request for comment.
According to the Justice Department’s settlement with Ticketmaster (available at this link), from August 2013 to December 2015, Ticketmaster employees “repeatedly” used stolen passwords to gain unauthorized access to non-public ticketing info from the rival firm. The now-defunct competitor, Songkick, offered artist-direct ticket presales for concerts sold in advance of general ticket sales. A former Songkick employee who had joined Live Nation shared URLs with Ticketmaster employees that provided access to draft ticketing web pages that Songkick had built in an attempt to “steal back” one of Songkick’s top artist clients, federal prosecutors said.
The Ticketmaster deal with prosecutors comes after Zeeshan Zaidi, former head of Ticketmaster’s artist services division, in October 2019 pleaded guilty in a related case to conspiring to commit computer intrusions and wire fraud based on his participation in the scheme.
Songkick shut down in October 2017 after earlier declaring bankruptcy. In January 2018, Live Nation reached a $110 million settlement with Songkick to resolve an antitrust lawsuit the startup had filed under which Live Nation agreed to acquire Songkick’s technology assets and patent portfolio.
“Ticketmaster employees repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” Seth DuCharme, acting U.S. Attorney for the Eastern District of New York, said in a statement. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.”
Between approximately July 2014 and June 2015, Coconspirator-1 and others monitored draft ticketing web pages created by the victim company. Although these pages were not password-protected, they were not indexed in search engines, and therefore could not be located without determining the exact URLs, which included a series of numbers. Until the victim company or artist publicly disseminated a URL, the victim company intended to restrict access to itself and the artist. After joining Live Nation, Coconspirator-1 explained to Zaidi and others how the “store ID” numbers in the URLs were numbered sequentially, enabling Ticketmaster employees to monitor new pages and to learn which artists planned to use the victim company to sell tickets. Coconspirator-1 used this information to search for new victim company ticketing web pages, and sent the URLs to Ticketmaster executives. In or about January 2015, a Ticketmaster employee was assigned to learn about this system from Coconspirator-1, and maintained a spreadsheet listing every victim company ticketing web page that could be located, so that Ticketmaster could identify the victim company’s clients and attempt to dissuade them from selling tickets through the victim company. Zaidi explained that “we’re not supposed to tip anyone off that we have this view into [the victim company’s] activities.”