fbpx

Warner Music Group Exposure of Customer PII California Class Action

Warner Music Group (WMG) is “a multinational entertainment and record label conglomerate … and the third largest recording company in the global music industry.” So states the complaint for this class action, in describing the defendant in this case. And yet, for all its size and reach, the complaint contends, it did not take adequate measures to protect the private identifiable information (PII) of the customers who make purchases on its website, leading to a data breach between April 25 and August 5, 2020.

The class for this action is all persons who, while living in California, were customers of e-commerce websites operated by Warner Music Group between April 25, 2020 and August 5, 2020.

The complaint quotes the notice of the data breach as saying that “a cybersecurity incident involving a number of e-commerce websites operated by Warner Music Group through an external service provider may have allowed an unauthorized third party to acquire a copy of personal information” that customers had entered into the websites between April 25 and August 5, 2020.

The information exposed potentially included names, addresses, and payment card details, including the card number, CVC/CVV, and expiration dates.

Although the attack took place between the April and August dates, the notice was not released until September 3, 2020. Furthermore, the complaint alleges that the notice did not contain “any specification regarding the nature of the cyberattack, which e-commerce websites were attacked, and how many customers may have been affected.”

The complaint alleges, “WMG merely explained that customers’ PII may have been exposed ‘after placing an item in [their] shopping cart[s].’” Nevertheless, the complaint says, the company “confirmed that the information could allow hackers and fraudsters to complete fraudulent transactions using the harvested customer PII.”

This is not the company’s first data breach. Three years ago, the company fell for a phishing scam that compromised 3.12 terabytes of internal data connected to Vevo, its “premium music video provider.”

WMG’s Privacy Policy promises to “use reasonable physical, technical and administrative measures to protect Personal Information under [its] control.”

However, the complaint alleges that WMG’s “wrongful actions and inaction directly and proximately caused the theft and dissemination into the public domain” of customers’ PIII. It says that the exposure of the PII “was a direct and proximate result of [WMG’s] failure to properly safeguard and protect [customers’] PII from unauthorized access, use, and disclosure, as required by their contracts” with customers and state and federal law.

The counts include breaches of contract, breach of the covenant of good faith and fair dealing, negligence, and violation of the California Consumer Privacy Act, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Warner Music Group Exposure of Customer PII California Complaint

December 31, 2020

Warner Music Group (WMG) is “a multinational entertainment and record label conglomerate … and the third largest recording company in the global music industry.” So states the complaint for this class action, in describing the defendant in this case. And yet, for all its size and reach, the complaint contends, it did not take adequate measures to protect the private identifiable information (PII) of the customers who make purchases on its website, leading to a data breach between April 25 and August 5, 2020.

Warner Music Group Exposure of Customer PII California Complaint

Case Event History

Warner Music Group Exposure of Customer PII California Complaint

December 31, 2020

Warner Music Group (WMG) is “a multinational entertainment and record label conglomerate … and the third largest recording company in the global music industry.” So states the complaint for this class action, in describing the defendant in this case. And yet, for all its size and reach, the complaint contends, it did not take adequate measures to protect the private identifiable information (PII) of the customers who make purchases on its website, leading to a data breach between April 25 and August 5, 2020.

Warner Music Group Exposure of Customer PII California Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy