RIAA member Warner Music Group is disclosing a data breach. The multinational record label is notifying affected users of the data skimming malware incident.
A prolonged skimming attack has been discovered by the major multinational record label Warner Music Group. In response, the label is notifying affected users. How many users have been affected has not been disclosed. Still, a number of its e-commerce websites have been affected. From InfoSecurity-Magazine:
E-commerce websites that are hosted and supported by an external service provider in the US but operated by Warner were found to have been compromised by an unauthorized third party.
By installing data-skimming malware on the sites, the threat actor was able to access information being entered by customers.
Personal data compromised in the attack included names, email addresses, telephone numbers, billing addresses, shipping addresses, credit card numbers, card expiration dates, and CVC and CVV codes.
The as yet unidentified cyber-criminal accessed Warner customers’ personal information entered into the affected websites during transactions made between April 25, 2020, and August 5, 2020. Payments made through PayPal were reportedly not affected by this incident.
A data breach notice sent by Warner to the affected customers stated that “any personal information” customers had entered into the affected websites “after placing an item in your shopping cart was potentially acquired by the unauthorized third party.”
Warner said that it was prompt to inform relevant credit card providers and law enforcement of the breach. The company has not yet disclosed how many customers were affected by the incident.
Affected customers have been offered 12 months of identity monitoring services free of charge by Warner.
The timing of this breach is definitely horrible. When people are largely staying home due to the COVID-19 pandemic, so many more find themselves buying things online instead of going to physical stores. That has put the emphasis on giving stores a digital presence. Whether it is through Amazon (which has seen a significant boom in sales thanks to the current situation) or running through an in-house e-commerce site, online sales have taken on particular significance for businesses in recent months.
With so much emphasis on online retail, a website data breach like this is particularly brutal. This is because it threatens to stoke fear that online retail isn’t secure in the first place. If it’s not a fear of customers security with e-commerce in general, then it could threaten to be a fear of how a particular company is handling things. Either way, the danger is that sales could get knee-capped thanks to an added barrier to reaching customers in the first place.
As noted above, Warner Music Group is a major member of the Recording Industry Association of America (RIAA).
Drew Wilson on Twitter: @icecube85 and Facebook.