The Shubert Organization, Inc. Data Breach

On January 19, 2026, The Shubert Organization, Inc. (“Shubert”) detected a brute-force attack on its Telecharge ticketing website. During this attack, an unknown cyber actor accessed certain Telecharge customer accounts without authorization. Shubert promptly secured its website, began investigating the incident, and initiated a review to determine which accounts were compromised.

Following a detailed investigation, Shubert confirmed that specific customers’ Telecharge accounts, and the information associated with them, were accessed during the event. The organization then took steps to deactivate the affected accounts and notify impacted individuals.

The Shubert Organization, founded in 1900, is one of the most influential theatre organizations in the United States. It operates numerous Broadway theatres, manages Telecharge (a major ticketing platform), and plays a central role in the live entertainment industry. Its operations include ticketing, theatre management, and the advancement of performing arts.

As part of its response, Shubert implemented additional security measures and began reviewing internal processes to prevent similar incidents in the future. Impacted individuals were also provided with resources to help safeguard their personal information, including identity protection guidance.

Shubert has advised all affected individuals to create new Telecharge accounts if they wish to continue using the service and to update passwords for any non‑Telecharge accounts where the same password may have been used. The company also included detailed instructions and recommendations for credit monitoring, fraud alerts, credit freezes, and steps to mitigate identity theft.

If you received a Data Breach Notification Letter from The Shubert Organization, Inc., it confirms that your information may have been accessed during this incident.

What information is involved in The Shubert Organization, Inc. Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes details that can identify you. When organizations fail to protect this information, consumers are exposed to risks such as identity theft, financial fraud, and unauthorized account access.

While the notice does not specify access to medical information, any compromised PII can still be used by threat actors to impersonate victims, open fraudulent accounts, or conduct other forms of identity misuse.

Shubert recommends monitoring account activity, reviewing financial statements, and considering fraud alerts or credit freezes. Consumers are also entitled to free annual credit reports and may take advantage of federal and state identity theft support resources.

Residents of California are protected under the California Consumer Privacy Act (CCPA), which provides enhanced rights relating to the use, access, and protection of personal data. California residents also have protections under the Confidentiality of Medical Information Act (CMIA) when medical information is involved.

If you received a NOTICE OF DATA BREACH letter from The Shubert Organization, Inc., your personal information may be at risk and could be misused for identity theft or fraud.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.