Introduction
The event management industry is rapidly growing, projected to reach $1.7 trillion by 2029, driven by demand for live experiences, advancements in event technology, and the rise of virtual and hybrid events. While this transformation enhances engagement and experiences, it also introduces significant cybersecurity risks, making data security a priority for organizers.
Background
Ticketmaster, a global leader in event ticketing, manages millions of transactions annually and relies heavily on cloud-based services. This reliance enhances efficiency but increases vulnerability to cyber threats targeting sensitive customer data.
Attack
- On March 5, 2024, Ticketmaster detected a breach that began on February 28th.
- Attackers exploited a zero-day vulnerability in their 3rd party cloud payment gateway.
- Using advanced malware, attackers exfiltrated encrypted data such as credit card details and personal data to command-and-control servers, avoiding detection for a week.
- Using escalating privileges techniques, they were able to move across Ticketmaster’s cloud environment, targeting other connect systems.
Impact
- Immediate costs exceeded $150 million (forensics, legal fees, remediation).
- $300 million in lost revenue due to consumer distrust and canceled events.
- Customer trust eroded, leading to lawsuits, regulatory fines, and significant downtime in ticketing systems, disrupting sales and damaging reputation.