Ticketmaster agrees to pay $10 million fine to resolve fraud, hacking charges

Ticketmaster has agreed to pay a $10 million fine to resolve criminal charges that it repeatedly accessed a rival’s computer systems in an alleged scheme to collect “business intelligence.” Ticketmaster, a subsidiary of Live Nation, primarily sells and distributes tickets to concerts and other events.

The fine is part of a deferred prosecution agreement filed in Brooklyn federal court on Wednesday, which includes a five-count criminal information that charges Ticketmaster with conspiracy to commit computer intrusion, computer intrusion for commercial advantage, computer intrusion in furtherance of fraud, wire fraud conspiracy and wire fraud.

Federal prosecutors said Wednesday that Ticketmaster executives and employees repeatedly used stolen passwords to unlawfully access computers belonging to an unnamed rival company in an effort to “choke off” its business and lure major clients away.

A source familiar with the matter said that the rival company involved is Songkick, a startup which specialized in artist presales, where a percentage of tickets were set aside in advance of general ticket sales in an effort to reduce scalping. In addition, Songkick offered an Artist Toolbox, a password-protected app which provided real-time data about tickets sold through the company.

According to Reuters, Live Nation acquired Songkick’s technology assets and patent portfolio in 2018 as part of a $110 million settlement to resolve an antitrust lawsuit. The Wall Street Journal reported that Songkick merged with a company called Crowdsurge in 2015 prior to Live Nation’s acquistion.

The source identified one of the employees involved in the alleged scheme as Stephen Mead, a former Crowdsurge employee who began work with Live Nation in 2013.

During Mead’s time with Ticketmaster, he shared URLs with Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, and other employees in order to illegally monitor draft ticketing webpages designed by Crowdsurge. Mead explained to Ticketmaster executives that “store ID” numbers in the URLs could allow the company to learn which artists planned to use the webpages to sell tickets.

In May 2014, Mead provided a demonstration to Ticketmaster executives during an Artist Services Summit using login information he had retained from his time at Crowdsurge. Mead also provided Zaidi and other Ticketmaster executives with internal and confidential financial documents from the company.

Around January 2015, Ticketmaster offered Mead a pay raise and promoted him to director of client relations. Mead proceeded to help Ticketmaster maintain a spreadsheet that listed every webpage that could be located, which would then be used in an effort to ‘dissaude’ artists from using Songkick’s services. Ticketmaster employees continued to access password-protected Songkick Toolboxes through December 2015.

A Ticketmaster spokesperson said that both Mead and Zaidi were terminated in 2017 after their conduct came to light.

“Their actions violated our corporate policies and were inconsistent with our values,” the spokesperson added. “We are pleased that this matter is now resolved.”

Zaidi plead guilty in a related case to conspiring to commit computer intrusions and wire fraud based on his participation in the same scheme. He has not yet been sentenced.

In addition to paying the fine, Ticketmaster must also report to the United States Attorney’s Office annually during the three-year term of the agreement on new compliance measures, which include maintaining clear policies to detect and prevent unauthorized computer intrusion.

If Ticketmaster breaches the agreement, the company will face prosectuion for the computer intrustion and fraud charges.