More than 560 million Ticketmaster customers had their personal data stolen in the 2024 Snowflake data breach. Federal litigation (MDL 3126) is pending in Montana. We represent individual consumers in this case. No new intake — informational only.
We Represent Clients in This Litigation
Our firm represents individual consumer clients in MDL 3126, In re: Snowflake, Inc., Data Security Breach Litigation. This page is informational. We are not accepting new referrals regarding these defendants at this time. If you are an existing client and have questions, please contact your attorney directly.
In the spring and early summer of 2024, a threat actor subsequently identified as the hacking group ShinyHunters exploited a critical vulnerability in the way corporate clients of Snowflake, Inc. — a cloud data storage and analytics company — had configured their accounts. Snowflake allows large enterprises to store, manage, and analyze massive quantities of data in its cloud environment. Among its clients were some of the largest consumer-facing companies in the country.
The vulnerability the attackers exploited was both technically simple and alarmingly widespread: many Snowflake client accounts lacked multi-factor authentication (MFA). By obtaining employee login credentials through info-stealer malware — in some cases credentials belonging to former employees whose access had not been properly terminated — the attackers were able to log into corporate Snowflake environments and exfiltrate data at will. Snowflake’s position, contested by plaintiffs, has been that the breach resulted from compromised customer credentials rather than any failure of the Snowflake platform itself.
The breach affected an estimated 500 to 560 million individuals across multiple corporate clients, making it one of the largest data theft events in recorded history.
The Snowflake breach compromised data stored by multiple major companies. The defendants in MDL 3126 and the approximate scope of data exposed for each include:
Ticketmaster / Live Nation: Approximately 560 million customers’ personal data, including names, addresses, phone numbers, email addresses, and partial payment card data (card numbers, expiration dates). Approximately 1.3 terabytes of data was exfiltrated and reportedly offered for sale on the dark web for $500,000.
AT&T: Call and text records for virtually all AT&T wireless customers — approximately 110 million people — covering a period of approximately May to October 2022. While the content of communications was not exposed, the metadata revealed who communicated with whom, when, and for how long, including location data from cellular tower records.
Advance Auto Parts: Employee and customer data.
Cricket Wireless: Customer data.
The Neiman Marcus Group: Customer names, email addresses, dates of birth, gift card information, partial credit card numbers, and the last four digits of Social Security numbers.
Lending Tree / QuoteWizard.com: Consumer financial and contact data.
Lawsuits began within days of the first public breach disclosures. By July 2024, motions were pending before the U.S. Judicial Panel on Multidistrict Litigation to consolidate the growing wave of federal cases. On October 4, 2024, the JPML consolidated all federal actions into MDL 3126 — In re: Snowflake, Inc., Data Security Breach Litigation — before Chief Judge Brian Morris in the District of Montana. The selection of Montana reflected Snowflake’s principal executive office location and the fact that several of the earliest-filed cases were already pending there.
The MDL encompasses claims against Snowflake itself (for allegedly failing to require MFA and implement adequate security standards for its clients’ data) and against each of the corporate client defendants (for allegedly failing to implement adequate cybersecurity protections for the data they stored on the platform and failing to provide timely notice of the breaches).
Neiman Marcus settled. Neiman Marcus reached a $3.5 million class action settlement covering its data breach. The settlement received final approval at a hearing on October 23, 2025. The claims period for that settlement closed in October 2025.
AT&T claims stayed. AT&T has been engaged in separate settlement discussions, and the AT&T-related claims in the MDL have been largely stayed pending resolution of those proceedings.
Ticketmaster/Live Nation: active litigation, no settlement. Ticketmaster and Live Nation have contested the claims and have not reached a settlement. The MDL is in active pretrial proceedings including discovery, and motions to dismiss have been briefed and ruled upon in part. Ticketmaster continues to dispute that it was negligent and that class members suffered measurable harm.
Snowflake: no settlement. Snowflake disputes that the breach resulted from failures on its platform and continues to litigate.
Our firm’s position. We represent individual consumer clients whose data was compromised in the Snowflake breach. Our clients are part of the MDL proceeding and their claims are being pursued through the coordinated pretrial structure in the District of Montana.
Whether or not you are currently represented in this litigation, there are practical steps anyone whose data was compromised should consider: