Online Ticketing Platform’s Data Breach Failures ‘Egregious,’ Says Class Action

Online ticketing platform AudienceView failed to exercise “reasonable care” when it allowed hackers to access the “unencrypted and unredacted” personally identifiable information (PII) of its users in a February data breach, alleged plaintiff Jadyn Newman’s class action Thursday (docket 1:23-cv-03764) in U.S. District Court for Southern New York in Manhattan. Her complaint alleges AudienceView waited more than a month before it informed users of the data breach March 28. “In this era of frequent data security attacks and data breaches, particularly in the e-commerce industry,” AudienceView’s failures “are particularly egregious,” because this data breach was “highly foreseeable,” it said. “The risk of identity theft is not speculative or hypothetical but is impending and has materialized,” said the complaint. There’s evidence that Newman’s and class members’ PII “was targeted, accessed and disseminated” on the dark web, it said. Class members “suffered actual identity theft and misuse of their data” after the breach, it said. "There may be a time lag between when harm occurs versus when it is discovered, and also between when PII is stolen and when it is used," said the complaint. There's a strong probability "entire batches of stolen payment card information, full names, email addresses, and billing and shipping addresses have been dumped on the black market or are yet to be dumped on the black market," it said. The complaint seeks an order requiring AudienceView to delete, destroy and purge the PII of Newman and her class members unless AudienceView can provide the court "reasonable justification for the retention and use of such information when weighed against the privacy interests" of the company's users. AudienceView didn't comment Friday.