US ticketing site sued after data belonging to 27 million customers was stolen.

Eventbrite is facing a class action lawsuit over a cyber-attack on its subsidiary website Ticketfly, which exposed the details of up to 27 million users.

The website was compromised by unknown hackers at the end of May, who left the ticketing site’s homepage defaced with the message: ‘Your Security Down im (sic) Not Sorry’.

Ticketfly admitted that “some client and customer information” had been compromised, and later said that this figure was close to 27 million.

Now, the US company is facing further drama as angry victims launched a class action lawsuit last week.

The suit reportedly states that Eventbrite ‘failed to prevent, detect, or otherwise act in a reasonable manner or within a reasonable time’ with regards to the breach.

It also alleges that information including names, phone numbers, passwords, email addresses, and home addresses were accessed in the hack.

The plaintiff, reported to be a woman named Shanice Kloss, claims that Eventbrite did not put adequate safety measures in place in an effort to save money.

Eventbrite has not yet commented on the lawsuit.

So far, the culprit has not been formally identified, and in a message to Ticketfly named themselves only as ‘IsHaKdZ’.

The hackers spoke to Motherboard in June and alleged that they had reached out to Ticketfly alerting them of a vulnerability and demanded one bitcoin in exchange for details.

Ticketfly failed to respond to emails, the hackers said, leading to the attack.