Warner Music Group Discloses Data Breach

Warner Music Group has issued a data breach notification following a prolonged skimming attack on an undisclosed number of its e-commerce websites.

The cyber-attack was discovered by the multinational entertainment and record label conglomerate on August 5, 2020. 

E-commerce websites that are hosted and supported by an external service provider in the US but operated by Warner were found to have been compromised by an unauthorized third party.

By installing data-skimming malware on the sites, the threat actor was able to access information being entered by customers.

Personal data compromised in the attack included names, email addresses, telephone numbers, billing addresses, shipping addresses, credit card numbers, card expiration dates, and CVC and CVV codes. 

The as yet unidentified cyber-criminal accessed Warner customers' personal information entered into the affected websites during transactions made between April 25, 2020, and August 5, 2020. Payments made through PayPal were reportedly not affected by this incident.

A data breach notice sent by Warner to the affected customers stated that "any personal information" customers had entered into the affected websites "after placing an item in your shopping cart was potentially acquired by the unauthorized third party."

Warner said that it was prompt to inform relevant credit card providers and law enforcement of the breach. The company has not yet disclosed how many customers were affected by the incident.

Affected customers have been offered 12 months of identity monitoring services free of charge by Warner. 

The cyber-attack comes three years after Warner fell victim to a phishing scam that resul ..

Support the originator by clicking the read the rest link below.