SAN FRANCISCO: Live Nation Entertainment said on Friday (May 31) it was investigating a data breach at its Ticketmaster unit that it discovered on May 20, the latest in a string of high-profile corporate hacks in the past year.
In a filing with the US Securities and Exchange Commission, Live Nation said it found “unauthorised activity” in a third-party cloud database that mainly contained Ticketmaster data, and was working with forensic investigators.
A cybercrime group named ShinyHunters posted evidence of the hack on the dark web on May 27, claiming to have stolen user data of over 500 million Ticketmaster customers.
The group demanded a ransom payment of US$500,000, describing it as a “one-time sale”, according to the post.
Live Nation did not mention ShinyHunters in its SEC filing.
The company did not respond immediately to a Reuters request for comment.
Ticketmaster, a California-based company, operates one of the largest online ticket sales platforms in the world.
The breach comes as Live Nation has been battling regulatory scrutiny over antitrust concerns.
The concert promoter was hit last week with the first in a likely wave of consumer antitrust lawsuits after the US government and states sued to break up the firm, arguing that along with its Ticketmaster unit, the company was illegally inflating concert ticket prices.
Live Nation in its filing said that the company first identified “unauthorised activity” on May 20, a week before the post on the dark web..
“We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement,” the company said.
“As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.”
The breach hasn’t had and is unlikely to have a material impact on Live Nation’s business or financials, the company said.
“We continue to evaluate the risks and our remediation efforts are ongoing,” Live Nation said.
The Australian government on Thursday said it was investigating the hacking claims, with the FBI offering its assistance.
ShinyHunters burst into notoriety in 2020-21 when it put up huge troves of customer records from more than 60 companies, according to the US Department of Justice.
In January, a court in Seattle jailed Sebastien Raoult, a French computer hacker who was a member of ShinyHunters.
He was sentenced to three years in prison and ordered to pay more than US$5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.