Live Nation is facing a class action lawsuit over a massive data breach involving its subsidiary, Ticketmaster, which exposed the personal information of up to 560 million customers. The breach occurred in April 2024 when the hacker group ShinyHunters infiltrated Ticketmaster’s database, accessing sensitive data such as names, addresses, emails, phone numbers, and credit card details.

The company took nearly two months to detect the breach and an additional four months to notify affected users. Now, Ticketmaster is being accused of negligence for failing to implement adequate security measures to protect user data and for failing to notify customers in a timely manner after the breach was discovered. A class action lawsuit filed in California federal court seeks damages of at least $5 million on behalf of the impacted customers.

The breach is part of a broader wave of cyberattacks that have targeted high-profile companies in the media and telecom sectors, including Disney, Roku, and AT&T. The hacker group ShinyHunters demanded a $500,000 ransom to prevent the data from being sold on the dark web. Despite this, Ticketmaster allegedly failed to take appropriate steps to secure its systems and protect users’ personal data, particularly in relation to its third-party cloud vendor, Snowflake, which is linked to the breach.

The lawsuit claims that Ticketmaster’s lack of oversight over Snowflake’s security practices was a critical factor in the hack. The plaintiffs argue that Ticketmaster should have ensured that Snowflake implemented stronger data protection measures and conducted security audits. Furthermore, the company is being criticized for retaining users’ personal information longer than necessary, and for selling data on users to business partners and data brokers. This includes data gathered from ticket purchases, merchandise sales, and event registrations, which can include names, addresses, emails, phone numbers, IP addresses, and more.

According to the lawsuit, the breach increases the risk of identity theft, fraud, and spam for affected users. ShinyHunters, known for stealing millions of customer records from companies such as AT&T and GitHub, uses the stolen data to create “Fullz” packages—comprehensive files containing personal information that can be used for identity theft. The value of such data continues to grow, especially with the rise of technologies like deepfakes and AI-powered password cracking, which can make stolen information even more dangerous.

The case follows a series of legal challenges for Ticketmaster, which has also been facing an antitrust lawsuit filed by the Justice Department. While Ticketmaster has yet to comment on the lawsuit, it faces mounting pressure as the fallout from the data breach continues to unfold.