Warner Music Group E-Commerce Site Data Breach Class Action

The third-largest company in the worldwide music business, says the complaint for this class action, is Warner Music Group Corporation (WMG), which has revenues of almost $4.5 billion. It sells its products through various e-commerce sites, which use WMG’s own payment system and are serviced by an external provider. Unfortunately, the complaint alleges that WMG failed to take adequate measures to keep customers’ personally identifying information (PII) safe, as an unknown party was able to access its websites in the spring and summer of 2020.

The class for this action is all individual living in the US who bought something on WMG’s e-commerce websites between April 25, 2020 and August 5, 2020.

WMG is reputed to represent some 60,000 artists and to operate in around fifty countries around the world. It sells music and music-related products at its many websites. The complaint alleges, “As a sophisticated multi-billion[-]dollar entity, WMG had both the duty and the financial resources to provide secure platforms for its customers to make purchases.”

But around September 2, 2020, customers who shopped at the sites received notice that their PII had been compromised in a “months-long magecart attack,” the complaint says. It defines “magecart” as “a loose affiliation of hackers/identity thieves that specialize in cyberattacks involving digital credit card theft by skimming online payment forms.” They then sell the stolen information on the dark web.

According to the complaint, the data breach took place over a period of more than three months. The stolen information included names, e-mail addresses, telephone numbers, billing and shipping addresses, and payment card details, including card numbers, CVV numbers, and expiration dates.

However, the complaint claims that WMG is not telling everything it knows about the problem. For one thing, it has not revealed which of its sites were affected. This makes it difficult for customers to know if their data was stolen or not. The complaint quotes an article on the attack as saying, “When asked, the WMG spokesperson declined to name the e-commerce sites affected in the attack, saying that the company ‘isn’t commenting further than the statement.’”

Also, it waited almost a month before announcing the data breach, even though the FBI’s 2019 Internet Crime Report says that “rapid reporting can help law enforcement stop fraudulent transactions before a victim loses [] money for good.”

The complaint charges, “WMG failed to utilize reasonable security procedures and practices to detect data intrusions, which allowed hackers to steal payment and personal information for approximately four months without internal detection. The extremely long duration of the data breach without any detection by WMG shows WMG’s data security practices were and are grossly inadequate.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Warner Music Group E-Commerce Site Data Breach Complaint

October 26, 2020

The third-largest company in the worldwide music business, says the complaint for this class action, is Warner Music Group Corporation (WMG), which has revenues of almost $4.5 billion. It sells its products through various e-commerce sites, which use WMG’s own payment system and are serviced by an external provider. Unfortunately, the complaint alleges that WMG failed to take adequate measures to keep customers’ personally identifying information (PII) safe, as an unknown party was able to access its websites in the spring and summer of 2020.

Warner Music Group E-Commerce Site Data Breach Complaint

Case Event History

Warner Music Group E-Commerce Site Data Breach Complaint

October 26, 2020

The third-largest company in the worldwide music business, says the complaint for this class action, is Warner Music Group Corporation (WMG), which has revenues of almost $4.5 billion. It sells its products through various e-commerce sites, which use WMG’s own payment system and are serviced by an external provider. Unfortunately, the complaint alleges that WMG failed to take adequate measures to keep customers’ personally identifying information (PII) safe, as an unknown party was able to access its websites in the spring and summer of 2020.

Warner Music Group E-Commerce Site Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy