Saturday, November 23, 2024

Former Ticketmaster boss sentenced for hacking rival company CrowdSurge

Must read

Getty Images The Ticketmaster logo is being displayed on a smartphone with the Ticketmaster web home page visible in the background, in this photo illustration in Brussels, Belgium, on June 2, 2024.Getty Images

A former Ticketmaster boss who illegally accessed a rival company’s computer servers to steal information has been sentenced.

British national Stephen Mead stole sensitive data from CrowdSurge – a smaller business he had previously worked for – between 2013 and 2015. His actions directly contributed to the company’s collapse, the Department of Justice, in New York, said.

Mead pleaded guilty to conspiracy to commit computer intrusions against CrowdSurge, in June. He has now been ordered to pay $67,970 as a forfeiture (about £52,000), and sentenced to a year’s supervised release.

Court papers filed in the US state Ticketmaster executives had asked Mead to share “competitive intelligence” about the company.

Ticketmaster – which describes itself as the world’s biggest entertainment ticketing platform – did not respond to the BBC’s request for comment.

Another former Ticketmaster executive, Zeeshan Zaidi, also pleaded guilty to fraud charges of conspiracy to commit computer intrusions and wire fraud in 2019. He is yet to be sentenced.

Mead was ordered to pay back a sum he received when he left CrowdSurge, as well as the pay rise he subsequently received at Ticketmaster.

A Foreign Office spokesperson told the BBC: “We are providing consular assistance to a British man in the US and are in contact with the local authorities.”

CrowdSurge – a website on which artists could sell pre-sale tickets to fans – was a rival ticketing company to Ticketmaster, with its headquarters in London and a US office in New York. US court documents say the company had an estimated value of more than $100m.

From 2010, Mead was CrowdSurge’s senior vice president for global operations and general manager for North America.

The BBC has seen court documents that state that when Mead left CrowdSurge in July 2012 he signed a “separation agreement”, which stated he must not retain or share any confidential information – including client lists, and marketing strategies – with any third party.

According to the court filing, the agreement also stipulated Mead should not work for another ticketing company for a year and, as part of the arrangement, CrowdSurge paid Mead approximately $52,970.

But he repeatedly breached the separation agreement, the court papers say.

By the summer of 2013, Mead was employed by Ticketmaster’s parent company, Live Nation, in a division called TicketWeb.

CrowdSurge computer server logs show at least 25 instances when its company data was accessed by computers with IP addresses registered to Ticketmaster and associated companies in New York, San Francisco, and Los Angeles, between August 2013 and December 2015, the prosecution stated.

‘Cut off CrowdSurge at the knees’

According to the prosecution, Mead shared CrowdSurge spreadsheets containing financial information and passwords without permission, and accessed competitive information about the company’s clients and technology at the request of Ticketmaster executives.

He also supplied other Ticketmaster employees with information that enabled them to access password-protected CrowdSurge information. He advised them to “screengrab the hell out of the system”, and discussed “cut[ting] off CrowdSurge at the knees”, court documents show.

They also state that on one occasion, at Zaidi’s request, Mead gave a presentation to at least 14 Live Nation and Ticketmaster executives and employees during which he used a CrowdSurge username and password to log in to their website without authorisation. During the presentation – which was projected onto a large screen in a conference room – Mead demonstrated one of CrowdSurge’s bespoke products called the Artists’ Toolbox – a web-based data analytics package for music artists.

During his employment, Mead also shared real-time ticket sales data and the identities of the performers CrowdSurge was working with.

The DoJ says the information was used by Ticketmaster to plan competitive responses to win pre-sale ticketing business and compare products and offerings. It added Mead’s actions led to monetary losses for CrowdSurge, which “were particularly significant in a highly competitive business environment”.

It says Mead was later promoted to become director of client services in Ticketmaster’s artist services division, in early 2015, reporting directly to Zaidi. He also received a pay rise.

Court documents say Mead did not engage in the criminal conduct to personally profit from the scheme, beyond the benefit he received by improving his standing and position within Ticketmaster.

CrowdSurge discovered Mead’s hacking after a former Ticketmaster executive started working for the company in 2015 and warned them to change how their systems could be accessed.

Mead’s employment was terminated by Live Nation and Ticketmaster around October 2017.

Court documents show Mead left the US in 2019 and returned to the UK. He was arrested in Italy earlier this year and extradited to the US.

Legal action

In 2015, CrowdSurge’s parent company, Complete Entertainment Resources, filed a civil lawsuit against Ticketmaster alleging it dominated the market and “attempted to destroy competition in the artist pre-sale ticketing services market in a number of different ways”.

These included “blocking” numerous artists from working with SongKick – a company CrowdSurge had merged with in June 2015 – and using its market power to “force” them to work with Ticketmaster instead.

Ticketmaster and SongKick settled their legal dispute in 2018, resulting in Ticketmaster paying $110m to the owners of SongKick and buying SongKick’s ticketing technology for an undisclosed amount.

Ticketmaster entered into a deferred prosecution agreement with the Department of Justice in New York after pleading guilty to five charges of fraud in 2020. This process involves a company reaching an agreement with a prosecutor, where the company is charged with a criminal offence but proceedings are automatically suspended.

The ticketing giant was fined $10m and agreed “where necessary and appropriate to modify or maintain its existing compliance program”.

The DoJ confirmed Ticketmaster completed the terms of the deferred prosecution in July 2024.

Latest article