Warner Music Group Faces Class Action Lawsuit Over Months-Long Hack

Six days back, Digital Music News was first to report that “a number of e-commerce websites” operated by Warner Music Group (WMG) had suffered a major credit card hack. Now, the Big Three record label is facing a class-action lawsuit over the massive data breach.

Two individuals who purchased from Warner Music Group web stores between April 25th and August 5th, when hackers accessed customers’ personal information and credit card details, submitted the class-action complaint to a New York federal court. DMN obtained an exclusive copy of the corresponding filing, which accuses WMG of failing “to properly secure and safeguard personal identifiable information” and of failing “to provide timely, accurate, and adequate notice” of the months-long breach.

After introducing the plaintiffs’ claims and reiterating the size and scope of Warner Music, the lengthy suit outlines the hack’s basic circumstances. To briefly recap, WMG stated in a letter (distributed to those whose data may have been stolen) that “an unauthorized third party” compromised their web stores across a more than three-month stretch, possibly making off with all manner of personal and financial specifics.

It’s unclear exactly how many users were affected by the digital theft, but the legal text notes that “potentially millions of payment card transactions” were exposed to criminals. Warner is still working with law enforcement to track down the perpetrator(s).

However, the filing provides additional context to the hack, beyond the nuances disclosed in WMG’s aforementioned letter. The remote crime may have resulted from “malicious codes” entered into e-commerce stores by the responsible parties, which then collect payment and personal details inputted during the checkout process. In turn, the hack could have acquired the sensitive knowledge “without necessarily comprising the victim website’s network or server,” per the plaintiffs.

The complaint then describes the value that personal and financial particulars hold on the dark web, as well as the intentional delay that often separates the details’ theft and actual use.

Nevertheless, an unapproved charge of $197.90 was made on the first plaintiff’s payment card about one month after he placed an order through a WMG store; the second plaintiff’s payment card was charged in early August, but his bank flagged and blocked the expenditure.

Consequently, the plaintiffs characterize the year-long credit monitoring service Warner Music Group offered possible victims – and the lack of identity theft protection – as “inadequate.”

At the time of this writing, Warner Music Group hadn’t publicly responded to the class-action lawsuit.

4 Responses

  1. Johnny

    I decided recently to sue every single person in the world. They have all made mistakes and they all deserve to be sued! Can you imagine how much money I will make by suing everybody in the world? Yes you, I am coming after you for the shirt you are wearing which made me sick, made me dizzy, then I fell over and banged my head and ended up in hospital. So you are next on my list and you will be hearing from my attorney, Benjamin Boomfarter who will start to run up your legal fees and either you go BK or make the smart decision and settle with me. You decide. This is how the world works. Don’t you know??!!

    • Bill

      Not possible. While you can sue anyone for anything at any time, courts seeing you sue every single person would rule that you are either nuts or trying to scam people and toss out your lawsuits., possibly charging you with something for jamming up the courts and flagrantly abusing the system.