Eventbrite is facing a class-action lawsuit over the hacking of Ticketfly that took place in June.
The cyber-attack forced the Eventbrite-owned firm to remain offline for more than four days, affecting millions of customers and thousands of venues and events operators.
A lawsuit filed with the courts in Illinois last week states that “despite the fact Eventbrite was storing sensitive information that it knew was of value to, and vulnerable to, cyber attackers, Eventbrite failed to take basic security precautions that could have prevented the disclosure of its customers’ personally identifiable information”.
A week after the hack, with its services resumed, a spokesperson said: “Last week Ticketfly was the target of a malicious cyber attack. In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed. However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed”.
The firm was reportedly warned by the person who claimed to be the hacker that it had a vulnerability that allowed him to access the firm’s entire database and website.
Those claims are specifically cited in the lawsuit, which states that: “On information and belief, Eventbrite was notified by the hackers prior to the data hack that its IT systems contained a vulnerability. Nonetheless, Eventbrite failed to take reasonable measures following such communication to either discover and mitigate the vulnerability or follow-up with the source of the communication.”