Former Ticketmaster CEO Sentenced for Hacking Rival CrowdSurge
A former Ticketmaster executive who illegally accessed a rival company’s computer servers to steal information has been sentenced.
British citizen Stephen Mead stole sensitive data from CrowdSurge – a smaller company he worked for – between 2013 and 2015. The New York Department of Justice said his actions directly contributed to the company’s collapse.
Mead pleaded guilty to conspiracy to commit computer intrusion into CrowdSurge in June. He has now been ordered to pay a $67,970 fine (around £52,000) and sentenced to a year of probation.
Court papers filed in the US state show Ticketmaster executives asked Mead to share “competitive intelligence” about the company.
Ticketmaster – which describes itself as the world’s largest entertainment ticketing platform – did not respond to the BBC’s request for comment.
Another former Ticketmaster executive, Zeeshan Zaidi, also pleaded guilty to conspiracy to commit computer intrusion and wire fraud in 2019. He has yet to be sentenced.
Mead was ordered to pay back the money he received when he left CrowdSurge, as well as a subsequent raise he received at Ticketmaster.
“We are providing consular assistance to a British man in the US and are in contact with local authorities,” a Foreign Office spokesperson told the BBC.
CrowdSurge — a website where artists can pre-sell tickets to fans — is a rival ticketing company to Ticketmaster, headquartered in London and with a US office in New York. US court documents say the company is worth an estimated $100 million.
Since 2010, Mead has been senior vice president of global operations and general manager of North America at CrowdSurge.
Court documents seen by the BBC state that when Mead left CrowdSurge in July 2012, he signed a “separation agreement” which stated he could not retain or share any confidential information – including customer lists and marketing strategies – with any third parties.
According to court records, the agreement also stipulated that Mead could not work for any other ticketing company for a year, and under the agreement, CrowdSurge paid Mead about $52,970.
But according to court records, he repeatedly violated the separation agreement.
In the summer of 2013, Mead was recruited by Ticketmaster’s parent company Live Nation to work in a division called TicketWeb.
CrowdSurge’s computer server logs show at least 25 instances of company data being accessed by computers with IP addresses registered to Ticketmaster and its affiliates in New York, San Francisco and Los Angeles, from August 2013 to December 2015, prosecutors said.
‘Cut CrowdSurge at the knee’
According to prosecutors, Mead shared CrowdSurge spreadsheets containing financial information and passwords without permission, and accessed competitive information about the company’s customers and technology at the request of Ticketmaster executives.
He also provided other Ticketmaster employees with information that would allow them to access password-protected CrowdSurge information. He advised them to “take screenshots of the system” and discuss “cutting[ting] “Cut off CrowdSurge from the start,” court documents say.
They also allege that on one occasion, at Zaidi’s request, Mead gave a presentation to at least 14 executives and employees of Live Nation and Ticketmaster, in which he used his CrowdSurge username and password to log into their websites without permission. During the presentation—which was projected onto a large screen in a conference room—Mead demonstrated one of CrowdSurge’s custom products called Artists’ Toolbox—a web-based data analytics package for music artists.
During his time working, Mead also shared real-time ticket sales data and the identities of the performers CrowdSurge worked with.
Ticketmaster used the information to plan competitive responses to gain advance ticket sales and comparison shopping for products and services, the Justice Department said. The department added that Mead’s actions resulted in monetary losses for CrowdSurge, “particularly significant in a highly competitive business environment.”
The article said Mead was then promoted to director of customer service in Ticketmaster’s artist services division in early 2015, reporting directly to Zaidi. He also received a raise.
Court records say Mead did not engage in criminal conduct to gain personal benefit from the scheme, beyond the benefits he received in improving his status and position at Ticketmaster.
CrowdSurge discovered Mead’s hacking after a former Ticketmaster executive started working for the company in 2015 and warned them to change the way they accessed their systems.
Live Nation and Ticketmaster terminated their contracts with Mead around October 2017.
Court records show that Mead left the United States in 2019 and returned to the United Kingdom. He was arrested in Italy earlier this year and extradited to the United States.
Legal action
In 2015, CrowdSurge’s parent company, Complete Entertainment Resources, filed a civil lawsuit against Ticketmaster, alleging that the company was a dominant player and had “attempted to undermine competition in the artist advance ticketing services market through various means.”
These actions included “blocking” many artists from working with SongKick—a company CrowdSurge merged with in June 2015—and using its market power to “force” them to work with Ticketmaster.
Ticketmaster and SongKick settled their legal dispute in 2018, resulting in Ticketmaster paying $110 million to SongKick’s owners and purchasing SongKick’s ticketing technology for an undisclosed amount.
Ticketmaster entered into a deferred prosecution agreement with the New York Department of Justice after pleading guilty to five fraud charges in 2020. The process involves a company reaching an agreement with prosecutors in which the company is charged with a crime but the proceedings are automatically suspended.
The ticketing giant was fined $10 million and agreed to “modify or maintain its existing compliance program as necessary and appropriate.”
The Department of Justice confirmed Ticketmaster has completed the terms of its deferred prosecution in July 2024.