Taylor Swift Eras tour tickets stolen and resold by cybercrime crew, prosecutors say
A "cybercrime crew" stole nearly 1,000 concert tickets to the record-breaking Taylor Swift Eras Tour and other high-profile events on StubHub and then resold them for hundreds of thousands of dollars, New York prosecutors said.
The scheme involved people working in Kingston, Jamaica, for a third-party contractor partnered with StubHub, a ticket exchange and resale company, Queens District Attorney Melinda Katz announced Monday. The contractors allegedly stole ticket URLs and then emailed them to two co-conspirators in New York City's Queens borough, according to Katz.
The co-conspirators downloaded the tickets and resold them on StubHub at inflated prices for personal profit, Katz added. The crew raked in more than $600,000 for about one year.
The majority of the tickets stolen were for the highly coveted Eras Tour – which became the highest-grossing tour of all time after amassing over $2.7 billion in ticket sales last year. But the crew also stole tickets from other high-value events, such as Adele and Ed Sheeran concerts, NBA games, and the U.S. Open Tennis Championships, according to Katz.
Authorities in New York arrested two people involved in the scheme last Thursday, Katz said. Tyrone Rose, 20, of Kingston, Jamaica, and Shamara Simmons, 31, of the Jamaica neighborhood of Queens, were charged with second-degree grand larceny, first-degree and fourth-degree computer tampering, and fourth-degree conspiracy.
Rose and Simmons are expected to return to court on Friday, according to Katz. They each face a maximum sentence of three to 15 years in prison if convicted of the top count.
"According to the charges, these defendants tried to use the popularity of Taylor Swift’s concert tour and other high-profile events to profit at the (expense) of others," Katz said in a statement. "They allegedly exploited a loophole through an offshore ticket vendor to steal tickets to the biggest concert tour of the last decade and then resold those seats for an extraordinary profit of more than $600,000."
Katz added that the investigation remains ongoing to "determine the extent of this operation, including other potential co-conspirators." The district attorney's office encouraged any Queens resident who may have been a victim of a cybercrime to contact the office.
'Exploited a system vulnerability to fraudulently resell tickets'
The investigation revealed that between June 2022 and July 2023, about 350 StubHub orders that amounted to roughly 993 tickets were intercepted by two people working for Sutherland Global Services in Jamaica, according to Katz.
The Sutherland Global Services employees, identified as Rose and an unapprehended accomplice, allegedly used their access to StubHub's computer system to access a secure area for tickets already sold and queued to be emailed to the purchaser to download, Katz said.
Rose and his accomplice then redirected the URLs to the email accounts of Simmons and another New York accomplice who is now dead, according to Katz. The pair downloaded the tickets from the rerouted URLs and resold them on StubHub.
Katz said the overall proceeds from the scheme were valued at $635,000.
StubHub told Paste BN on Tuesday that the company identified all orders impacted by the scheme and either replaced or fully refunded the orders. The company noted that it also terminated its relationship with Sutherland Global Services.
"Upon discovering this criminal scheme, we immediately reported it to the third-party customer service vendor, Sutherland Global Services (SGS), as well as to the Queens District Attorney’s Office and Jamaican law enforcement," Mark Streams, chief legal officer at StubHub, said in a statement. "The individuals involved, employees of SGS, exploited a system vulnerability to fraudulently resell tickets. They were swiftly identified and terminated."
Charges follow ticket scam, security warnings
Monday's announcement follows recent warnings by ticket sale companies and marketplaces over potential scams and security issues.
Last May, entertainment company Live Nation said it found "unauthorized activity" in a third-party cloud database that contained Ticketmaster data. The company said it was investigating the data breach, in which a cybercrime group said it had stolen user data of over 500 million Ticketmaster customers, Reuters reported.
A lawsuit filed the following month accused the companies of negligence and allowing a third-party company to gain access to private information belonging to hundreds of millions of customers. The suit alleged that the information was listed for sale for $500,000 on the dark web.
Ticketmaster came under fire again in October when users claimed their concert tickets disappeared from their accounts, costing them thousands of dollars. The company blamed the incident on hackers.
"What we’re seeing is scammers accessing a fan’s email account," a Ticketmaster spokesperson told Paste BN at the time.
The spokesperson noted that users' passwords had not been exposed in the data incident earlier that year. The company advised users to protect themselves by "setting a strong unique password for all accounts – especially for their personal email which is where we often see security issues originate."
"Scammers are looking for new cheats across every industry, and tickets will always be a target because they are valuable, so Ticketmaster is constantly investing in new security enhancements to safeguard fans," Ticketmaster said in a statement.
Contributing: Jonathan Limehouse and Saleen Martin, Paste BN; Reuters