Roslyn Layton highlights a recent data breach that exposed the personal information of millions of customers, including those who never directly used Ticketmaster’s services, underscoring concerns about the company’s data collection practices and market dominance.

The United States Department of Justice (DOJ), along with a bipartisan group of 30 state and district attorneys general, recently filed an antitrust lawsuit against Live Nation Entertainment and its wholly-owned subsidiary, Ticketmaster for “monopolization and other unlawful conduct that thwarts competition in markets across the live entertainment industry.” The complaint asserts, “As a result of its conduct, music fans in the United States are deprived of ticketing innovation and forced to use outdated technology while paying more for tickets than fans in other countries.”

On May 20, Live Nation disclosed unauthorized access to its database. The intruding hackers, reportedly the organized crime group ShinyHunters, subsequently tried to sell the data of 560 million Ticketmaster and competitors’ customer accounts (including credit card information) on the dark web. ProMarket has covered many angles of the antitrust action against Live Nation-Ticketmaster including a summary of the case, a rebuttal of critiques of the case, a discussion of Congress’ Fans First Act , and other analyses. This article explores the security vulnerabilities of Live Nation-Ticketmaster exposed by the recent hack.

The DOJ claims that Live Nation-Ticketmaster’s business tactics have harmful effects on competition and consumers; the ShinyHunters attack shows how the firm’s business tactics have made the online customer base an increasingly potent attack surface.

Customer data is a valuable commodity, which is why the hackers try to sell the stolen information. Live Nation also recognizes the importance of customer data and prioritizes its acquisition. Reliable, voluminous data are vital for effective marketing and increased revenue. Live Nation’s CEO has recognized as much, saying, “No one has 80 million customers segmented in a database as rich as ours […] that audience and that platform is really the key, unique part of our business.”

Most companies collect customer data. That isn’t a crime. But Live Nation has adopted creative ways to collect not only their own customers’ data, but also the customer data of their competitors. The undiscussed element of the DOJ’s lawsuit against Live Nation is that the company’s size jeopardizes consumers’ data safety.  Ticketmaster uses technology known as “SafeTix” to encrypt mobile tickets. The company markets this system as a tool to prevent fraud. But for consumers who purchase resale tickets on the secondary market, it introduces unneeded friction that causes inconvenience while allowing Ticketmaster to collect their data.

The DOJ’s lawsuit introduces a scenario that occurs for most transitions in resale: “If a ticket holder wants to sell or otherwise transfer a SafeTix-encrypted ticket, both the ticket holder and the purchaser must create Ticketmaster accounts (thereby providing Ticketmaster with their data), download the Ticketmaster app, and wait for Ticketmaster to determine when or whether the transfer can be completed.”

This means that even if the transaction occurred on a competing platform, and even if the new buyer has never used Ticketmaster in her life, she still needs to create a Ticketmaster account and give Ticketmaster her personal information just to receive her ticket.

The DOJ cites internal Ticketmaster documents that say the company expected SafeTix to increase the “size/value of the TM database” by as much as 30 to 40 percent. The antitrust complaint says it’s one of several tactics that allow Live Nation “to both increase its bottom line and further entrench its positions across the live entertainment industry.”

The Ticketmaster data breach shows that the company’s policy of inserting itself into competitors’ resale transactions not only reinforces its market position, but also jeopardizes consumers’ personal information. In fact, the lawsuit calls out that the company’s dominance leads to “diminished incentive to innovate,” that ominously put, “can manifest in real ways.”

Live Nation possesses the data of millions of people, including ticket buyers who have never purchased from Ticketmaster. The information is valuable to the company, but there’s no valid reason for them to have it given the transaction was that of a Ticketmaster competitor. More details will likely emerge, but it is possible the hack of Ticketmaster has exposed the personal information of people who have never paid Ticketmaster a penny.

The timing of the hack reinforced the DOJ’s concerns with Live Nation’s business practices and their effects on the live events market. These practices form the core of the complaint’s basis.

Chief among them is the use of threats and retaliation. The complaint alleges Live Nation successfully threatened financial retaliation against a company unless it stopped trying to compete in concert promotion. It also says Live Nation threatened and retaliated against venues for using competing promoters or ticket providers.

In one cited example, Live Nation deliberately undermined a competitor’s concert. TEG, a competing artist promoter, had agreed to use a rival ticketer for some of its concerts. In response, when TEG had a concert at a Live Nation-affiliated venue, Live Nation refused entry to fans who had purchased tickets from the rival ticketer.

It’s one example of the hardball tactics the DOJ lays out in its filing. Aside from the audacity, what’s interesting is the documented history of Live Nation using these practices—despite previous reprimands from the federal government.

In 2019, the DOJ extended its existing legal agreement with Live Nation after determining the company had violated it by threatening and retaliating against venues in “numerous instances.”  Now, five years later, the DOJ has found Live Nation’s tactics continue despite repeated directives to stop the threats and retaliation.

The result of years of Live Nation’s anticompetitive ways is a highly consolidated primary ticketing market with little competition. Live Nation controls roughly 80 percent of the primary ticketing at major concert venues, and exclusionary agreements coupled with threats limit the entrance and growth of competitors.

Live Nation’s major presence in one market segment reinforces its presence in others. The company continues to acquire venues and competitors, grow its share of the secondary market, and reinforce its position as the world’s largest concert promoter. It’s what both Live Nation and the DOJ call the company’s “flywheel,” whereby one line of business supports another. Consumers benefit from such network effects, but they can also be harmed by excessive data collection practices, as this case demonstrates.

The DOJ should pursue its investigation of potential collusion to divide markets and anti-competitive tying practices. Breaking up the company, however exciting a political headline, is fraught with uncertainty, takes time, and doesn’t necessarily achieve the desired outcome. Moreover, a breakup doesn’t stop the practices today which put users’ data at risk. If the DOJ’s concerns prove true, fines and criminal prosecution are in order and are the quicker way to ensure safety and justice.

The author reports no conflict of interest.

Articles represent the opinions of their writers, not necessarily those of the University of Chicago, the Booth School of Business, or its faculty.