A number of e-commerce websites owned by Warner Music Group were targeted by “an unauthorized third party” earlier this year, who may have made off with customer payment card details.
The ‘card skimming’ attack took place between April 25, 2020 and August 5, 2020.
In a recent notice of the data breach sent to customers, Warner wrote: “On August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce websites WMG operates but that are hosted and supported by an external service provider. This allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020.”
WMG added: “While we cannot definitively confirm that your personal information was affected, it is possible that it might have been as your transaction(s) occurred during the period of compromise. If it was, this might have exposed you to a risk of fraudulent transactions being carried out using your details.”
Warner has warned consumers that any personal information entered into one or more of the websites during the time period after they placed an item in their shopping cart was “potentially acquired by the unauthorized third party”.
These details could have included customer names, email addresses, telephone numbers, billing addresses and payment card details (including card number, CVC/CVV and expiration date).
The major music company told its customers: “We want to emphasize at the outset that keeping personal information safe and secure is very important to us, and we deeply regret that this incident has occurred.”
“We want to emphasize at the outset that keeping personal information safe and secure is very important to us, and we deeply regret that this incident has occurred.”
Warner Music Group
Warner has confirmed that those customers who paid via PayPal were not affected by the incident.
The company added in its notification: “Upon discovering the incident we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address and correct the issue. We also notified the relevant credit card providers as well as law enforcement, with whom we continue to cooperate.”
In addition, it is offering its customers identity monitoring services through Kroll for 12 months, free of charge.Music Business Worldwide