Katherine Webster  |  September 14, 2020

Category: Data Breach

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Warner Music Group logo - data breach

Warner Music Group is facing a class action lawsuit after the company disclosed a prolonged data breach on several of its e-commerce websites.

Warner discovered the data breach Aug. 5, according to Infosecurity Magazine. A third-party hacker installed data-skimming malware on the company’s e-commerce sites that were hosted by an external U.S. service provider, accessing information entered by customers.

Now, two plaintiffs have filed the class action lawsuit on behalf of themselves and others who may have had their information compromised, accusing the company of failing to properly secure the data.

The breach took place between April 25, 2020 and Aug. 5, 2020, the class action lawsuit says.

According to the class action lawsuit, Warner began notifying state attorneys general about the data breach around Sept. 2. The company also mailed a notice of the breach to affected consumers.

In that notice, Warner said the compromised information included consumers’ full names, email addresses, phone numbers and billing and shipping addresses, as well payment card numbers, CVV security codes and expiration dates.

“The stolen information includes everything unauthorized third parties need to illegally use [Warner’s] current and former customers’ PII to steal their identities and to make fraudulent purchases,” the class action lawsuit says, pointing out that the information could also be sold on the dark web to other criminals.

Warner’s “current and former customers face a lifetime risk of identity theft and financial crimes.”

The plaintiffs allege Warner’s negligence led to the data breach. In addition to failing to prevent the breach in the first place, they argue, Warner also didn’t discover it for nearly four months, then took another month to report it.

The plaintiffs say they and other putative Class Members have suffered lost or diminished value of their personal information; out-of-pocket expenses related to the detection of and recover from identity theft, financial crimes and other use of their personal data; lost time as they attempted “to mitigate the actual consequences” of the breach; deprivation of rights under the New York Consumer Law for Deceptive Acts and Practices; and the ongoing increased risk to their information.

A closed padlock lies on top of a stack of fanned-out credit cards on a computer keyboard - data breachIn its privacy policies, Warner touts the secure nature of its websites, according to the class action lawsuit.

For example, the one provided by Atlantic Records reads: “We will use reasonable physical, technical and administrative measures to protect Personal Information under our control.” 

However, Warner does not claim to abide by the Payment Card Industry Data Security Standard, which puts forth measures for ensuring data protection and security processes for online financial transactions, the plaintiffs say. 

Warner either was or should have been aware of the “significant volume of daily payment card transactions on its websites,” the plaintiffs maintain.

The malware infecting Warner’s e-commerce sites could have left “potentially millions of payment card transactions exposed to malicious actors.”

Warner claims it “took steps to address and correct the issue” after the breach occurred and notified “the relevant credit card providers as well as law enforcement,” according to the class action lawsuit. 

The company also reportedly offered affected customers a year of identity monitoring, but not identity theft insurance.

Warner “did not use reasonable security procedures and practices appropriate to the nature of the sensitive, unencrypted information it was maintaining for current and former customers, causing Plaintiffs’ and Class Members’ PII to be exposed,” the class action lawsuit says.

Ameet Naik, a security evangelist at PerimeterX, told CPO Magazine e-commerce sites are lucrative targets for hackers and calls third-party e-commerce scripts a blind spot for website operators. 

According to Naik, cybercriminals use the shadow code to conduct digital skimming; only 8% of e-commerce website owners have insights into the shadow code on their sites.

“Businesses must take control of Shadow Code in their web and mobile applications by following basic security best practices and by leveraging runtime behavioral analysis to detect and stop hidden code from compromising their user data,” Naik told CPO. “Consumers must also continue to be vigilant about their personal data and monitor their credit reports for signs of fraudulent activity.”

The plaintiffs are seeking relief compelling Warner to use appropriate cybersecurity methods and policies regarding the collection, storage, protection and disposal of consumers’ personal data and to disclose “with specificity” the type of information compromised; an award of compensatory, nominal, consequential and punitive damages; attorneys’ fees and litigation expenses; prejudgment interest on all amounts awarded; and any other relief the Court deems appropriate.

They also demand a jury trial.

Do you believe the Warner data breach may have exposed your personal information? Let us know in the comments.

The plaintiffs are represented by Amanda Peterson, John A. Yanchunis, Jean Martin and Ryan J. McGee of Morgan & Morgan; and M. Anderson Berry and Leslie Guillon of Clayeo C. Arnold, A Professional Law Corp.

The Warner Data Breach Class Action Lawsuit is Levi Combs, et al. v. Warner Music Group Corp., Case No. 1:20-cv-07473, in the U.S. District Court for the Southern District of New York.

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

11 thoughts onWarner Music Group Faces Class Action Lawsuit Over Data Breach

  1. Monique Hibbs says:

    Please add me

  2. JODY A EZELL says:

    Please add me

  3. Tammy Nash says:

    Add me

  4. Roderick Jewell says:

    Add me.

  5. Kayla says:

    Add me.

  6. Alexander Buck says:

    Add me in

  7. Joshua Webster says:

    I would also like to be notified and included, as even after replacing my card, fraudulent charges still keep happening.

  8. Felicia R Reddick says:

    add me in

  9. talitha frazier says:

    Add me

  10. Chynna says:

    I 100% know my bank account was swept from this. My bank denied my fraudulent claim and I don’t know where to go from here. Can anyone help?

    1. Renee wagner says:

      Please add me

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.