Live Nation Entertainment, also known as Ticketmaster, has submitted an official Form 8-K with the U.S. Securities and Exchange Commission (SEC), acknowledging and confirming that the recently rumored data breach is real.
In the filing (which can be seen here), Ticketmaster says that on May 20, 2024, Live Nation Entertainment, Inc. discovered unauthorized activity within a third-party cloud database environment that
Access was gained through a third-party cloud database provider, which we know to be Snowflake.
To put it bluntly, a single credential resulted in the exfiltration of potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted. The goal of the threat actor, as in most cases, was to blackmail Snowflake into buying their own data back for $20,000,000.
Santander, a major financial organization, had been breached, and all customer data was offered for sale: the price was $2 million.
Uh huh. A bank. So probably a lot of companies with important stuff.
goes to Snowflake website
Ah, they have a “customer” section that lists some customers with 202 entries.
Pfizer. Sainsbury’s. PlayStation. AT&T. Euintelsat OneWeb (that’s the sorta-kinda Starlink competitor). NHS Greater Manchester Integrated Care Partnership. Freddie Mac (large US government-backed mortgage lender). Capital One, a bank. Anthem, a major health insurer. A bunch of California government institutions. NatWest, a bank. Western Union. Vimeo. Siemens. Comcast. Cedar Health, a company that provides healthcare billing services. Aflac, an insurance company.
Yup, sounds like this isn’t good.
Well, I’ve said before that it’d probably take some kind of really catastrophic computer security event for things to change.
The cyber insurance market has already hardened a lot over the last few years. It was just starting to ease up but I’m guessing this will cause even stricter underwriting requirements.
Uh huh. A bank. So probably a lot of companies with important stuff.
goes to Snowflake website
Ah, they have a “customer” section that lists some customers with 202 entries.
Albertsons looks like the first.
https://www.snowflake.com/en/customers/all-customers/
Pfizer. Sainsbury’s. PlayStation. AT&T. Euintelsat OneWeb (that’s the sorta-kinda Starlink competitor). NHS Greater Manchester Integrated Care Partnership. Freddie Mac (large US government-backed mortgage lender). Capital One, a bank. Anthem, a major health insurer. A bunch of California government institutions. NatWest, a bank. Western Union. Vimeo. Siemens. Comcast. Cedar Health, a company that provides healthcare billing services. Aflac, an insurance company.
Yup, sounds like this isn’t good.
Well, I’ve said before that it’d probably take some kind of really catastrophic computer security event for things to change.
The cyber insurance market has already hardened a lot over the last few years. It was just starting to ease up but I’m guessing this will cause even stricter underwriting requirements.