Even though most concerts, sports, arts, and theater events aren’t happening right now, Ticketmaster remains relevant, but not for good reason.
In 2012, Stephen Mead, a former CrowdSurge employee, joined competitor, Ticketmaster. Mead signed a separation agreement, but it didn’t stop him and his new teammates from committing criminal acts against his former company.
As a Ticketmaster employee, Mead shared client lists, passwords, marketing strategies, and sensitive financial information of CrowdSurge to benefit Ticketmaster’s business plan. Mead’s team of employees got access to draft ticketing web pages in efforts to steal high-profile clients and gain a sales advantage by comparing numbers.
Mead encouraged his teammates to screenshot as much information as possible when on CrowdSurge’s systems. For over two years, Ticketmaster personnel entered CrowdSurge’s systems undetected.
CrowdSurge failed to change passwords after Mead left the company. As a result, Mead was faced with temptation that led to unlawful decisions. A separation agreement isn’t enough, because the damage was done. It is important organizations take the proper termination steps to protect themselves from compromise and avoid filing lawsuits.
CrowdSurge later merged with Songkick and went bankrupt before completely shutting down in 2017.
US prosecutors became aware of the criminal activity in 2015 and charged Ticketmaster with criminal counts such as wire fraud and conspiring to commit computer intrusion. Ticketmaster was also slapped with a $10 million fine and now have to follow a “compliance and ethics program designed to prevent and detect violations”. The ticket sales giant will also have to report the compliance measures they’ve advanced to the U.S. Attorney’s Office for the next three years.
Insider threats can critically hurt your systems the way the average threat actor can, so one way to combat this is to utilize a password manager, like LastPass, where executives have the authority to close an account when needed to protect their environment.
In addition, when organizations partner with a cybersecurity company like SpearTip, logs are monitored 24/7/365. Threats come in many forms, one being former employees, or insiders. SpearTip’s ShadowSpear® Platform has been proven to prevent the advanced malware too. Not only does ShadowSpear® prevent malicious encryption, but also would have detected and prevented the activity that allowed Mead full access to the environment. Our professional, certified cybersecurity engineers protect environments and deploy our proprietary tool, ShadowSpear® when an environment is under attack.