Coachella / Stagecoach Security Incident FAQ
Overview of Situation
What happened?
We recently learned that an unauthorized third-party illegally gained access into the database containing information provided in connection with the Coachella and Stagecoach music festivals. Upon learning of the intrusion, the company immediately opened an investigation, notified law enforcement and engaged a leading forensic IT firm to remediate the situation. The company is providing notice to individuals that may have been affected by the incident, which previously was reported in the media.
What information was accessed/affected?
Based on the investigation, we have determined that the unauthorized third party may have accessed the personal information of some Coachella and Stagecoach attendees, as well as people who registered on the Coachella.com website. Information accessed may include some combination of their first and last names; Coachella.com usernames; email addresses; mailing address; birth dates; and phone numbers (if provided). Additionally, the intruder gained access to a limited number of driver’s license numbers, passport numbers, or other ID numbers that customers may have used to claim wristbands in person at one of the festivals. It is important to note that, based on the current review, there is no indication that customer payment or financial information, or passwords were accessed.
When did you first learn about the incident?
We learned recently about the incident and quickly took measures to block further unauthorized access, and reported the matter to the appropriate authorities for further investigation.
How did this happen?
In today’s cyber security environment, even companies with sophisticated data security infrastructure are targeted by attacks. Goldenvoice and The Coachella Valley Music and Arts Festival and the Stagecoach festival remain committed to maintaining the privacy and security of their customers’ personal information and have put in additional data security measures to help strengthen data protection.
Have you notified law enforcement of this incident?
Yes. After learning about the incident, we promptly took measures to block further unauthorized access, and reported the matter to the FBI for further investigation.
Has the issue been fixed?
Yes. The security vulnerability was remediated and the incident has been fully contained.
I recently read that Coachella/Goldenvoice experienced a data breach. Is this a second breach or the same one I read about?
This is the same incident that was recently reported about in media stories.
Customer Notification & Protection
What was your process for notifying people?
We learned recently about the incident and began notifying anyone impacted by this issue as soon as we fully understood the situation. A small portion of customer data records accessed required additional analysis and, now that it is complete, we are sending notifications to this final group.
I understand that there has been a breach but I didn’t receive any notification?
We have notified all impacted customers who may have been affected by this issue by sending an email to the email address we had in our records, or by sending a letter via U.S. mail to people for whom we have a mailing address in our records. If you have not received either of these notifications, then either (a) your information was not stolen, (b) we don’t have an email or mailing address for you, or (c) perhaps your contact information in our records is outdated. If you think you were potentially impacted and would like us to send you the notification, please send a request by email to info@coachella.com. And if you’d like more information on how to protect your information, we’d be happy to provide that too.
Is there anything I need to do?
Yes. Please be aware that you may be targeted by phishing emails sent from people impersonating Goldenvoice, Coachella or Stagecoach personnel. Please remember that Goldenvoice, Coachella or Stagecoach will never solicit personal information or account information from you via email. Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to web sites where you are asked for personal or financial information.
Additionally, consider taking a moment to change any old, reused, or insecure passwords and remember to follow recommended security practices when managing your online accounts.
How do I sign up for identity protection services?
If you received an email/letter noting that you were eligible to receive identity protection services, you may sign up by:
- Visiting GV.allclearid.com and registering online
- Calling 1-855-263-7376
I heard that some people were being offered identity protection services but I didn’t get that offer. Why the difference?
The data accessed for the majority of customers contained information that was determined to carry a low risk profile for identity theft. For individuals where a form of identification was accessed, it was determined that identity protection services are warranted.
Will you cover any extra costs associated with me having to protect my accounts/identity?
For a limited number of customers who may have had their driver’s license or other identification document accessed, we are providing one year of complimentary identity theft protection services through AllClear ID. We are not compensating customers for additional costs.
Am I a victim of identity theft?
We know of no reports of identity theft or other fraud related to this incident. However, if you had an ID in our database, we recommend you take advantage of our offer to receive one year of complimentary identity theft protection services.
Was my Coachella or Stagecoach ticketing account impacted?
Festival ticketing purchase accounts were not affected by this incident; however, festival attendees may want to consider changing any passwords that they have shared with others, as a general precaution.
I have tickets to the 2017 Coachella or Stagecoach festival. Has my ticket purchase information been accessed or is there anything I need to do?
No ticket purchase information for the 2017 festivals has been accessed and there is nothing you need to do in this regard.
Will this incident impact any other Goldenvoice shows or festivals?
No. Other Goldenvoice shows or festivals have not been impacted as a result of this incident.
Was my credit card information stolen?
No. Based on our investigation, no financial information was accessed.
Am I safe to use my payment card to purchase things at the festivals? (e.g. food, beverage, merchandise)
Yes, no payment card information was accessed in this security incident. No shows or festivals in the future have been impacted as a result of this incident.
What should I do if I receive an email from Coachella or Stagecoach asking for my personal information?
Coachella or Stagecoach will never solicit personal information or account information from you via email. Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to web sites where you are asked for personal or financial information.