Class action lawsuit for data misuse filed against cloud-based storage company blamed for Ticketmaster leak

A California woman has filed a class action data breach lawsuit against Snowflake, Inc., a cloud-based server company that was recently hacked, stealing the data of more than half a billion Ticketmaster customers.

In June, Live Nation, the parent company of Ticketmaster, confirmed that hackers had managed to access the data of over 560 million customers and sell the personally identifiable information (PII) on the dark web.

The Ticketmaster data breach affected customers’ names, home addresses, emails, phone numbers, ticket purchases and some credit information. However, according to information released since the original announcement, Ticketmaster or Live Nation’s servers were not hacked, but rather the data was stolen from Snowflake, which stores online data for numerous other companies.

According to the lawsuit and various news reports, Ticketmaster is just one of several companies that were hacked after entrusting Snowflake with confidential customer information.

Allegations related to the Snowflake data breach

While most of the lawsuits filed since the Ticketmaster data breach have been against Live Nation itself, a lawsuit filed last week by Madalena Bowers in the U.S. District Court for Montana (PDF) names Snowflake, Inc. as the sole defendant.

With her lawsuit, she is seeking a class action lawsuit to seek damages on behalf of all victims of data theft caused by Snowflake’s cloud storage systems, which were allegedly not provided with adequate security. In addition to the data theft at Ticketmaster, hacker attacks on Snowflake have also been linked to a data theft at Advanced Auto Parts. In addition, hackers are also said to have accessed data from the Australian ticket provider Ticketek in late June.

Bowers’ lawsuit alleges that poor security at Snowflake increased the risk of financial loss and identity fraud for hundreds of millions of consumers worldwide.

“The notorious hacking group known only by its alias ‘ShinyHunters’ claimed to have stolen 1.3 terabytes of personal data and was reportedly willing to sell or had already sold that information to nefarious dark web users for $500,000,” Bowers’ lawsuit states. “This data breach occurred because Snowflake enabled an unauthorized third party to access and retrieve the private information of former and current Ticketmaster and Live Nation customers from Ticketmaster’s systems managed by Snowflake.”

Lawsuits over data theft at AT&T

Snowflake also stores data for MasterCard, Novartis, PepsiCo, Allstate Insurance, Capitol One, Jet Blue, Progressive, State Farm, NBC Universal, and AT&T. It is unclear whether Snowflake was involved in the recently disclosed AT&T data breach, which was also linked to ShinyHunters and exposed the personal information of more than 70 million customers.

The breach likely occurred in 2021, but AT&T only admitted it in March of this year. Millions of customers were now left desperate to protect themselves from identity fraud after their personal information had already been published on the dark web.

Since this revelation, a growing number of lawsuits alleging data breaches against AT&T have been filed in courts across the country, both by individuals who have actually been victims of identity fraud and by class action lawsuits filed by concerned customers.