One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for “computer intrusion and fraud offenses” after employees used stolen credentials to spy on a competitor, according to the Department of Justice.
The rival company didn’t know that one of its former employees had leaked logins to Ticketmaster, which used them to gather information in the mid-2010s about the competitor’s technology and other aspects of its business.
“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting U.S. Attorney Seth D. DuCharme. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.”
The feds don’t name the victim company, but it’s widely known to be Songkick. The investigation that led to the charges essentially stemmed from a 2018 antitrust lawsuit by Songkick. Ticketmaster settled it for $110 million and an agreement to acquire some of the rival company’s tech and intellectual property.
The Justice Department describes a caper that began in 2013 and ran through most of 2015, as Ticketmaster monitored Songkick’s private online pre-sales of tickets and “a password-protected app that provided real-time data about tickets sold through the victim company.” The information was later used for a presentation at the 2014 “summit” about the rival company’s activities.
The department is using the case as a reminder that corporate espionage cases get its full attention.
“Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation is a perfect example of why these laws exist — to protect consumers from being cheated in what should be a fair market place,” said FBI Assistant Director-in-Charge William F. Sweeney Jr.
The $10 million fine against Ticketmaster — a wholly owned subsidiary of entertainment giant Live Nation — settles five criminal charges for illegal computer access and fraud. In a related case in October, Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, pleaded guilty to charges of conspiring to commit computer intrusions and wire fraud.
Under the deal with the feds, Ticketmaster also must maintain a compliance and ethics program “designed to prevent and detect violations of the Computer Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors.”
Ticketmaster did not release a statement about Wednesday’s action. The company occasionally pops up in cybersecurity news for issues such as ticket-buying bots.
The coronavirus pandemic has made it a tough year for the concert business in general. Ticketmaster and other events companies are still trying to sort out how to handle things like COVID-19 testing and vaccination proof once restrictions on big live events are lifted.