The Warner Music Group has issued a statement confirming the music giant has been hit with a data breach impacting customer credit card information after a successful skimming attack was discovered on its online shopping platforms.
Warner Music says that the skimming campaign and subsequent data breach was discovered internally on August 5th, 2020, and it has alerted all relevant authorities for an investigation.
It’s being reported that the e-commerce platforms used by the Warner Music Group in the US were hosted by service providers, but operated by the Warner Group. Some of these e-commerce platforms were targeted by third party hackers that compromised the system and installed malicious software – malware – onto them.
It’s believed that the personal information that hackers were able to access were the names, email addresses, telephone numbers, credit card numbers, expiration dates, CVC and CVV codes, as well as billing and shipping addresses of Warner Music customers.
Warner Music has notified customers impacted by the breach with a notice of data breach, stating that “on August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce websites WMG operates… this allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected websites between April 25 and August 5, 2020.”
“While we cannot definitively confirm that your personal information was affected, it is possible that it might have been as your transactions occurred during the period of compromise. It it was, this might have exposed you to a risk of fraudulent transactions being carried out using your details,” Warner Music continued to explain.
“Upon discovering the incident, we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address and correct the issue. We also notified the relevant credit card providers as well as law enforcement,” Warner added.
For more information on an Information Security Management System like ISO 27001, click here for your Free Gap Analysis Checklist.
This is not the first time Warner has been targeted with a data breach, after a 2017 hack that saw 3.12 terabytes of company data exposed after Warner was impacted by a successful phishing scam that resulted in an unauthorized third-party having access to its system.
Ameet Naik, a cybersecurity expert at PerimeterX has told InfoSecurity Magazine https://www.infosecurity-magazine.com/news/warner-music-group-discloses-data/ that “digital skimming and Magecart attacks continue to be a lucrative source of revenue for hackers as they continue to seek large targets for maximum payouts. For example, data stolen from an attack on another e-commerce platform in 2019 was valued at $133 million on the dark web.”
Naik continued to explain that “third-party platforms, scripts, and services are ideal targets for attackers because the techniques can be reused to steal data from multiple e-commerce sites.”