Warner Music Group “Skimming” Data Breach Class Action

Warner Music Group (WMG) Corporation is one of the “big three” recording companies in the US and is a major recording company worldwide, the complaint for this class action says. However, between April 25, 2020 and August 5, 2020, it was the victim of a data breach, which the complaint alleges stemmed from “its negligent failure to properly safeguard the information of its customers.”

The class for this action is all persons or business entities in the US whose PII was entered on websites operated by WMG that were compromised due to the data breach.

Plaintiff Nicholas Cimaglio made a purchase on the www.greenday.com website, which is owned and operated by WMG. In the process, he had to give the company his personally identifying information (PII), including his name, address, telephone number, and payment card information.

By August, he’d become the victim of identity theft, which he believes is due to WMG’s data breach.

WMG’s policy, as quoted in the complaint, promises that WMG uses “reasonable physical, technical and administrative measures to protect Personal Information under our control.”

However, the complaint alleges that its measures were insufficient to protect customers from the exposure of their PII in the data breach.

According to the complaint, the data theft was performed through a “skimming attack” on websites operated by WMG: “In other words, hackers implanted virtual software on the checkout pages of WMG’s website, which allowed the unauthorized third party to acquire a copy of the PII entered by customers in WMG’s websites.”

The attack exposed included payment card details, such as card numbers, CVC and CVV numbers, and expiration dates.

WMG, the complaint says, “began mailing out letters to affected individuals in September 2020. Upon information and belief, as of the date of this Complaint, not all individuals have received their notice letter of the data breach.”

The complaint alleges that WMG’s failures include the following:

Failure to maintain appropriate safeguards and systems to prevent attacks, including the failure to encrypt PII on its checkout page.

Failure to detect the breach in a timely manner, until almost four months after it began.

The complaint alleges that WMG is guilty of negligence, negligent misrepresentation, negligence per se (for violation of the Federal Trade Commission Act), and breach of contract, as well as violations of New York’s General Business Law’s prohibitions against false advertising and deceptive business practices in the conduct of any business or trade.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Warner Music Group “Skimming” Data Breach Complaint

September 30, 2020

Warner Music Group (WMG) Corporation is one of the “big three” recording companies in the US and is a major recording company worldwide, the complaint for this class action says. However, between April 25, 2020 and August 5, 2020, it was the victim of a data breach, which the complaint alleges stemmed from “its negligent failure to properly safeguard the information of its customers.”

Warner Music Group “Skimming” Data Breach Complaint

Case Event History

Warner Music Group “Skimming” Data Breach Complaint

September 30, 2020

Warner Music Group (WMG) Corporation is one of the “big three” recording companies in the US and is a major recording company worldwide, the complaint for this class action says. However, between April 25, 2020 and August 5, 2020, it was the victim of a data breach, which the complaint alleges stemmed from “its negligent failure to properly safeguard the information of its customers.”

Warner Music Group “Skimming” Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy