Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Warner Music Group is facing a class action lawsuit after the company disclosed a prolonged data breach on several of its e-commerce websites.
Warner discovered the data breach Aug. 5, according to Infosecurity Magazine. A third-party hacker installed data-skimming malware on the company’s e-commerce sites that were hosted by an external U.S. service provider, accessing information entered by customers.
Now, two plaintiffs have filed the class action lawsuit on behalf of themselves and others who may have had their information compromised, accusing the company of failing to properly secure the data.
The breach took place between April 25, 2020 and Aug. 5, 2020, the class action lawsuit says.
According to the class action lawsuit, Warner began notifying state attorneys general about the data breach around Sept. 2. The company also mailed a notice of the breach to affected consumers.
In that notice, Warner said the compromised information included consumers’ full names, email addresses, phone numbers and billing and shipping addresses, as well payment card numbers, CVV security codes and expiration dates.
“The stolen information includes everything unauthorized third parties need to illegally use [Warner’s] current and former customers’ PII to steal their identities and to make fraudulent purchases,” the class action lawsuit says, pointing out that the information could also be sold on the dark web to other criminals.
Warner’s “current and former customers face a lifetime risk of identity theft and financial crimes.”
The plaintiffs allege Warner’s negligence led to the data breach. In addition to failing to prevent the breach in the first place, they argue, Warner also didn’t discover it for nearly four months, then took another month to report it.
The plaintiffs say they and other putative Class Members have suffered lost or diminished value of their personal information; out-of-pocket expenses related to the detection of and recover from identity theft, financial crimes and other use of their personal data; lost time as they attempted “to mitigate the actual consequences” of the breach; deprivation of rights under the New York Consumer Law for Deceptive Acts and Practices; and the ongoing increased risk to their information.
In its privacy policies, Warner touts the secure nature of its websites, according to the class action lawsuit.
For example, the one provided by Atlantic Records reads: “We will use reasonable physical, technical and administrative measures to protect Personal Information under our control.”
However, Warner does not claim to abide by the Payment Card Industry Data Security Standard, which puts forth measures for ensuring data protection and security processes for online financial transactions, the plaintiffs say.
Warner either was or should have been aware of the “significant volume of daily payment card transactions on its websites,” the plaintiffs maintain.
The malware infecting Warner’s e-commerce sites could have left “potentially millions of payment card transactions exposed to malicious actors.”
Warner claims it “took steps to address and correct the issue” after the breach occurred and notified “the relevant credit card providers as well as law enforcement,” according to the class action lawsuit.
The company also reportedly offered affected customers a year of identity monitoring, but not identity theft insurance.
Warner “did not use reasonable security procedures and practices appropriate to the nature of the sensitive, unencrypted information it was maintaining for current and former customers, causing Plaintiffs’ and Class Members’ PII to be exposed,” the class action lawsuit says.
Ameet Naik, a security evangelist at PerimeterX, told CPO Magazine e-commerce sites are lucrative targets for hackers and calls third-party e-commerce scripts a blind spot for website operators.
According to Naik, cybercriminals use the shadow code to conduct digital skimming; only 8% of e-commerce website owners have insights into the shadow code on their sites.
“Businesses must take control of Shadow Code in their web and mobile applications by following basic security best practices and by leveraging runtime behavioral analysis to detect and stop hidden code from compromising their user data,” Naik told CPO. “Consumers must also continue to be vigilant about their personal data and monitor their credit reports for signs of fraudulent activity.”
The plaintiffs are seeking relief compelling Warner to use appropriate cybersecurity methods and policies regarding the collection, storage, protection and disposal of consumers’ personal data and to disclose “with specificity” the type of information compromised; an award of compensatory, nominal, consequential and punitive damages; attorneys’ fees and litigation expenses; prejudgment interest on all amounts awarded; and any other relief the Court deems appropriate.
They also demand a jury trial.
Do you believe the Warner data breach may have exposed your personal information? Let us know in the comments.
The plaintiffs are represented by Amanda Peterson, John A. Yanchunis, Jean Martin and Ryan J. McGee of Morgan & Morgan; and M. Anderson Berry and Leslie Guillon of Clayeo C. Arnold, A Professional Law Corp.
The Warner Data Breach Class Action Lawsuit is Levi Combs, et al. v. Warner Music Group Corp., Case No. 1:20-cv-07473, in the U.S. District Court for the Southern District of New York.
Read About More Class Action Lawsuits & Class Action Settlements:
Data Breach 2020: How Many Times Has Carnival Corporation Been Hit?
Dave Banking App Users File Data Breach Class Action Lawsuit
IED Attacks in Iraq Traced to Big Bank Financing
Hackensack Meridian Health Sued Because of Hospital Ransomware Attack
11 thoughts onWarner Music Group Faces Class Action Lawsuit Over Data Breach
Please add me
Please add me
Add me
Add me.
Add me.
Add me in
I would also like to be notified and included, as even after replacing my card, fraudulent charges still keep happening.
add me in
Add me
I 100% know my bank account was swept from this. My bank denied my fraudulent claim and I don’t know where to go from here. Can anyone help?
Please add me