By Dave McKay | September 6, 2020
Warner Music Group (WMG) has suffered a data breach that has compromised the personal and financial information of thousands of its customers. Its e-commerce sites have been attacked and breached by a group of alleged Magecart operators. Magecart attacks are based on injecting malicious scripts into JavaScript-based websites in order to “skim” sensitive information such as financial and payment details.
WMG has c. 4,000 employees and operates in 70 countries, so the number of affected data subjects could run into the millions. They also own Elektra, Warner Records, Atlantic, Warner Classics, Parlophone, Warner Music Nashville, and many others.
In its incident report, the company mentions that it involves multiple of its commercial websites, operated through a third-party company.
“On August 5, we were notified that an unauthorized third party compromised some of our e-commerce websites operated by U.S.-based third-party vendors,” mentions the report the company sent to potentially affected users. Improper access would have occurred between 25 April and 5 August this year.
User data compromised during the incident includes details such as:
- Full names
- Email addresses
- Phone numbers
- Billing address
- Payment card details
- Card number
- Expiration date
- Security key
You can read the statement by WMG here.
Source: Information Security Newspaper