Ticketmaster Data Breach Class Action Lawsuit Seeks Damages From Live Nation, Snowflake Over Cybersecurity Failure

According to allegations raised in a class action lawsuit filed over the recent Ticketmaster data breach, millions of customers had their full names, addresses, contact details, partial credit card data and other private information compromised due to the failure of Live Nation and the cloud-based storage service Snowflake, Inc. to properly safeguard their systems from cyberattacks.

Ticketmaster’s parent company, Live Nation, announced the data breach in a report to the U.S. Securities and Exchange Commission in late May 2024, indicating that hackers were attempting to sell customers’ personal identifying information (PII) on the dark web, after the data was taken from Snowflake, which stores online information for numerous different companies.

However, it now appears that the massive Ticketmaster data breach was the result of a cybersecurity failure, which allowed the hackers to access records involving more than 560 million customers.

The Ticketmaster class action lawsuit (PDF) was filed by William Yarbough, Patricia Marshall and Elizabeth Quinby in the U.S. District Court for the Central District of California on August 5, seeking damages for all individuals impacted by the data breach, including reimbursement for out-of-pocket expenses, losses incurred seeking to remedy or mitigate effects of the attack, as well as compensation for emotional distress and risks they now face of future harm caused by the compromise of their private information.

According to the lawsuit and various news reports, Ticketmaster is just one of several companies hacked after trusting Snowflake with sensitive customer information. A series of AT&T data breach lawsuits have also been filed in recent months after the telecom giant announced two separate data breaches earlier this year, including one that was also caused by Snowflake’s mishandling of sensitive customer information.

Ticketmaster Data Breach Class Action Lawsuit

None of the three plaintiffs bringing this class action lawsuit against Ticketmaster report having their identities stolen. However, they indicate that all customers must now take extra precautions to safeguard their finances, since their private information may be released on the Dark Web.

As a result of the Ticketmaster data breach, plaintiffs indicate that they must spend substantial time reviewing their accounts for fraudulent activity and closely monitoring their financial information. In addition, they now face an increased risk of fraud, identity theft and data misuse due to the preventable cybersecurity failures.

“Defendants disregarded the rights of Plaintiffs and Class Members by, inter alia, failing to take adequate and reasonable measures to ensure their data systems were protected against unauthorized intrusions; failing to disclose that they did not have adequately robust computer systems and security practices to safeguard Private Information; failing to take standard and reasonably available steps to prevent the Data Breach; and failing to properly train its staff and employees on proper security measures,” the lawsuit states. “In addition, Defendants failed to properly monitor the computer network and systems that housed the Private Information. Had Defendants properly monitored these electronic systems, Defendants would have discovered the intrusion sooner or prevented it altogether.”

The lawsuit presents claims of negligence, negligence per se, breach of implied contract, breach of fiduciary duty and unjust enrichment.

Federal Data Breach Litigation

The complaint is the latest of a growing number of lawsuits filed against Ticketmaster, AT&T, Snowflake and other companies that have experienced massive data breaches in recent years.

The U.S. JPML has already established an MDL for all AT&T data breach lawsuits stemming from a 2021 security failure, which exposed social security numbers and other personal identifying information for millions of former customers. While that earlier release does not appear to involve Snowflake, a separate AT&T data breach involving customer cell phone call records was linked to the cloud storage company.

In July, a motion was filed to establish a separate MDL for Snowflake data breach lawsuits, calling for all claims stemming from the security failures at the cloud storage company to be consolidated before one judge in the U.S. District Court for the District of Montana for coordinated discovery and pretrial proceedings.

If the JPML chooses to consolidate the Snowflake data breach lawsuits before one judge, it will likely include the class action lawsuits brought for Ticketmaster customers.