A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information.
In 2012, Stephen Mead left ticket company CrowdSurge, signing a $52,970 separation agreement promising not to keep or disclose confidential information from his former employer, such as client lists, passwords, marketing strategies, and financial data.
However, after later joining Ticketmaster, Mead shared usernames and passwords with his new colleagues which enabled them to illegally access CrowdSurge's network and sensitive business information.
According to the Department of Justice, Mead instructed his co-workers to "screen-grab the hell out of the system" but cautioned, "I must stress that as this is access to a live tool I would be careful in what you click on as it would be best not [to] giveaway that we are snooping around.”
In a particularly audacious move, at an Artist Services Summit in San Francisco, Mead brazenly accessed a password-protected area of Crowdsurge’s systems using stolen credentials during a presentation. The illegal access was projected on a conference room's screen in front of at least 14 Live Nation and Ticketmaster employees.
CrowdSurge only discovered that Mead was hacking its systems after a former Ticketmaster executive came to work for the company in 2015, and advised them to review their security.
Crowdsurge merged with concert ticket firm Songkick in 2015, and in 2018 Live Nation – the parent company of Ticketmaster – agreed to acquire Songkick’s parent company as part of a $110 million settlement to resolve a lawsuit that alleged Ticketmaster had “attempted to destroy competition in the artist pre-sale ticketing services market in a number of different ways”.
Ticketmaster was ultimately fined US $10 million for repeatedly accessing its competitor’s computer systems.
British-born Mead had lost his job at Live Nation and Ticketmaster in late 2017, and returned to the UK. Earlier this year he was arrested in Italy and extradited to the United States.
After entering a guilty plea to charges earlier this year, Mead has now been ordered to pay $67,970 in forfeiture, and sentenced to one year’s supervised release.
Another former Ticketmaster executive, Zeeshan Zaidi, had also pleaded guilty to charges related to the hacking of CrowdSurge, but is yet to be sentenced.
Remember, your employees often have privileged access to sensitive company information and data.
You cannot just rely on confidentiality agreements to protect your business after employees leave a business. It is crucial to implement robust security practices, including mandatory password changes upon termination, to reduce the risk of data breaches and unauthorised access.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024