File Photo
“[This] resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court,” said Acting Brooklyn U.S. Attorney DuCharme.
Ticketmaster Pays $10M Fine for Intrusions into Competitor’s Computer Systems
By Forum Staff
Ticketmaster has agreed to pay a $10 million fine to resolve charges that it repeatedly accessed without authorization the computer systems of a competitor, federal prosecutors recently announced.
The fine is part of a deferred prosecution agreement that Ticketmaster has entered with the Brooklyn U.S. Attorney’s Office to resolve a five-count criminal information charging computer intrusion and fraud offenses. Previously, on Oct. 18, 2019, Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, pleaded guilty in a related case to conspiring to commit computer intrusions and wire fraud based on his participation in the same scheme.
According to Ticketmaster’s admissions and publicly filed court documents, Ticketmaster, a wholly owned subsidiary of Live Nation Entertainment, Inc., was primarily engaged in the business of selling and distributing tickets to events and concerts. The victim company offered artists the ability to sell presale tickets – sold in advance of general ticket sales – on an online ticketing platform. It also offered artists an Artist Toolbox, which was a password-protected app that provided real-time data about tickets sold through the victim company.
Instrumental to the criminal scheme was Coconspirator-1, a former senior employee of the victim company, who worked in the company’s Brooklyn offices from approximately May 2010 to July 2012. In approximately July 2012, Coconspirator-1 signed a separation agreement with the victim company, in which he agreed to maintain the confidentiality of that company’s confidential information. He then joined Live Nation in approximately August 2013.
Courtesy of Ticketmaster
Under the terms of the deferred prosecution agreement, Ticketmaster will pay a criminal penalty of $10 million.
In November 2013, while employed by Live Nation, Coconspirator-1 shared with Zaidi and another Ticketmaster employee the URLs for draft ticketing web pages that the victim company had built for an artist, but had not disseminated to the public. In response to a Ticketmaster executive explaining that the goal was to “choke off [victim company]” and “steal back one of [victim company]’s signature clients,” Coconspirator-1 offered that Ticketmaster could “cut [victim company] off at the knees” if they could win back presale ticketing business for a second major artist that was a client of the victim company.
In January 2014, Coconspirator-1 emailed Zaidi and a second Ticketmaster executive multiple sets of usernames and passwords for Toolboxes. Coconspirator-1 encouraged the executives to “screen-grab the hell out of the system,” but also warned, “I must stress that as this is access to a live [victim company] tool I would be careful in what you click on as it would be best not [to] giveaway that we are snooping around.” (Emphasis in original.) The information from the Toolboxes was then used to prepare a presentation for other senior executives that was intended to “benchmark” Ticketmaster’s offerings against those of the victim company.
In early May 2014, a senior executive of Live Nation (Corporate Officer-1) asked Zaidi and others how Ticketmaster’s presale online offering compared with the Toolbox. Coconspirator-1 was then asked to “do a screenshare/demo” at an upcoming “Artist Services Summit.” Coconspirator-1 agreed to “pull together a list of the log-ins and URL’s that I still have access to for this so I can give the team as much insight as possible.” At least 14 Live Nation and Ticketmaster employees attended the Artist Services Summit, in San Francisco. There, in front of those employees, Coconspirator-1 used a username and password he had retained from his employment at the victim company to log in to a Toolbox, and provided a demonstration. Coconspirator-1 later also provided Zaidi and other Ticketmaster executives with internal and confidential financial documents he had retained from his employment at the victim company.
In January 2015, Coconspirator-1 was transferred to the Artist Services division, promoted to director of Client Relations, and given a raise. Following the promotion, Coconspirator-1 emailed another Artist Services employee, “Now we can really start to bring down the hammer on [Victim Company].” Ticketmaster employees continued to access password-protected victim company Toolboxes through December 2015.
Between approximately July 2014 and June 2015, Coconspirator-1 and others monitored draft-ticketing web pages created by the victim company. Although these pages were not password-protected, they were not indexed in search engines, and therefore could not be located without determining the exact URLs, which included a series of numbers. Until the victim company or artist publicly disseminated a URL, the victim company intended to restrict access to itself and the artist.
After joining Live Nation, Coconspirator-1 explained to Zaidi and others how the “store ID” numbers in the URLs were numbered sequentially, enabling Ticketmaster employees to monitor new pages and to learn which artists planned to use the victim company to sell tickets. Coconspirator-1 used this information to search for new victim company ticketing web pages, and sent the URLs to Ticketmaster executives. In or about January 2015, a Ticketmaster employee was assigned to learn about this system from Coconspirator-1, and maintained a spreadsheet listing every victim company ticketing web page that could be located, so that Ticketmaster could identify the victim company’s clients and attempt to dissuade them from selling tickets through the victim company. Zaidi explained that “we’re not supposed to tip anyone off that we have this view into [the victim company’s] activities.”
Under the terms of the deferred prosecution agreement, Ticketmaster will pay a criminal penalty of $10 million and will maintain a compliance and ethics program designed to prevent and detect violations of the Computer Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors. Ticketmaster will also report to the United States Attorney’s Office annually during the three-year term of the agreement regarding these compliance measures. If the company breaches the agreement, it will be subject to prosecution for the charges in the criminal information that was filed today, charging the Company with one count of conspiracy to commit computer intrusions, one count of computer intrusion for commercial advantage, one count of computer intrusion in furtherance of fraud, one count of wire fraud conspiracy and one count of wire fraud.
“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said Acting Brooklyn U.S. Attorney Seth DuCharme. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic. Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”
