Ticketing company Eventbrite is facing a class action lawsuit over the data breach that occurred when their subsidiary, Ticketfly, was hacked at the end of May in an event the company described as a “cyber incident.” The suit claims that Ticketfly compromised private personal information of its users due to its inadequate cybersecurity prevention, detection and response protocol.
As a result, the suit is claiming that users have been placed at serious and ongoing risk of misuse, fraudulent charges and identity theft from the data breach.
In light of the data breach the suit reads that Eventbrite, doing business as Ticketfly, “failed to prevent, detect, or otherwise act in a reasonable manner or within a reasonable time, resulting in” customers’ sensitive and confidential personal information, including their names, home and business addresses, phone numbers, email addresses, and passwords being accessed by an unauthorized party. Ticketfly later acknowledged on its blog that the data of 27 million users was accessed as part of the attack.
The suit continues that in the aftermath of the breach, the company has failed to notify plaintiff Shanice Kloss or any other users that their data was compromised or, to Kloss’s knowledge, implemented nay breach notification process whatsoever.
“Despite the severity of the Data Breach, Eventbrite failed to reasonably implement a breach notification protocol,” the complaint reads. “Aside from a passive support page and a single Tweet on social media, Eventbrite failed to take measures to alert” that their information had been breached.
Billboard reached out to Eventbrite which stated that it does not comment on pending litigation.
Citing a Motherboard article from June 4, the suit claims that the ransomware hackers gained access to information on over 27 million customers. It adds that those millions of customers were then uninformed of their data being stolen in a prompt manner, depriving them of a critical time period to change passwords or protect themselves.
Instead, the complaint reads, “Defendant let its customers languish in ignorance as to the real risk of irreversible privacy harms presented by the unauthorized parties who had gained access to their” information.
The defendant believes she has suffered mental anguish over the data breach since she worries about if or when her information will be misused, the complaint reads, and argues that Eventbrite cut corners on security measures in an effort to save money.
Filed in Illinois’ Cook County Superior Court, Eventbrite is facing accusations of consumer fraud and deceptive business practices, breach of contract, breach of implied contract and negligence.
The suit is seeking an unknown amount in damages an a requirement that Eventbrite provide identity fraud monitoring services for effected customers. The suit also asks that the ticketer do more to enhance security measures to properly safeguard users from future cyberattacks.