Warner Music Group faces a class-action lawsuit following the months-long data breach which exposed customers’ personal information.
According to Infosecurity Magazine, two plaintiffs from Florida and Ohio have filed a lawsuit against the company. And accusing the firm of failing to protect and disclose the breach in a timely manner.
Warner Music Group is home to recording artists such as The Rolling Stones, Coldplay, Pitbull, and many other notable bands and artists.
Details of the Data Breach
Warner Music Group has been victimized by a web skimming or magecart attack which allowed hackers to insert malicious code to the website. According to ZD Net, this malicious code gives attackers access to company logs and customer details within payment forms.
Info Security Magazine states that the attack occurred within a period of three to four months, from April 25, 2020, to August 5, 2020.
Among the personally identifiable information obtained by hackers as a result of the magecart attack and data breach include unencrypted names, credit card numbers, and shipping addresses. In addition, telephone numbers, email addresses, billing addresses, card expiration dates, CVV, and CVC codes have also been exposed by the incident.
The music recording company only acknowledged and informed the public in September this year.
Class-Action Lawsuit Filed Over Data Breach
Bloomberg Law reports that Marysville, Ohio resident Levi Combs and Esteban Trujillo from Orlando, Florida filed a joint class-action lawsuit against the music recording company. Morgan & Morgan filed the lawsuit on behalf of the two plaintiffs last Friday, September 11, 2020.
Both Combs and Trujillo purchased goods from Warner Music Group’s website earlier this year, dating July 2020 and May 2020. The cards used by the plaintiffs were used by unknown third parties to make unauthorized purchases.
The plaintiffs were alerted of the incident upon receiving a data breach notice from at the start of the month.
In a statement, both Combs and Trujillo allege that Warner Music Group failed to “properly secure and safeguard personally identifiable information.”
Moreover, the lawsuit also alleges that the recording company “failed to provide timely, accurate, and adequate notice to plaintiffs and similarly situated WMG customers (‘Class Members’ that their PII had been stolen by hackers, and precisely what types of information were unencrypted and in the possession of unknown, unauthorized third parties.”
Attorneys John Morgan and Jean Martin said “the fact this breach allegedly went on undetected for more than three months demonstrates the alleged lack of care taken by Warner Media Group to secure its customers’ information.”