US-based multinational entertainment and recordWarner Music Group has disclosed a web-skimming attack that may have let cybercriminals steal customers’ personal and financial data.
According to a data breach notification submitted with California’s Office of the Attorney General, the incident involved an undisclosed “number of e-commerce websites operated by Warner Music Group (“WMG”) through an external service provider,” and “may have allowed an unauthorized third party to acquire a copy of personal information you entered into those websites.”
The letter specifies that the attackers retained unauthorized access to some WMG operated e-commerce websites between April 25 and August 5, 2020, allowing the perpetrators to view information customers entered during the purchase process.
Although the company could not specifically identify the extent of compromised customer data, attackers could have viewed full names, email addresses, telephone numbers, billing addresses, shipping addresses and credit card details such as card number, CVC/CVV and expiration date. “Payments made through PayPal were not affected by this incident,” WMG added.
“While we cannot definitively confirm that your personal information was affected, it is possible that it might have been as your transaction(s) occurred during the period of compromise,” WMG said. “If it was, this might have exposed you to a risk of fraudulent transactions being carried out using your details. Any personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020 after placing an item in your shopping cart was potentially acquired by the unauthorized third party.”
Unfortunately, the company offered no list of affected e-commerce websites, making it nearly impossible for WMG shoppers to tell if they are at risk for identity theft and fraud.
In response to the data breach, Warner Music said it also contacted credit card providers and law enforcement agencies to help with the investigation. Additionally, shoppers are provided with a 12-month credit monitoring service and are asked to check their credit card statements for any suspicious transactions.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Alina Bizga. Read the original post at: https://hotforsecurity.bitdefender.com/blog/warner-music-notifies-customers-of-web-skimming-attack-personal-and-financial-data-potentially-viewed-by-cybercriminals-24081.html
Authors/Presenters: *Shradha Neupane, Grant Holmes, Elizabeth Wyss, Drew Davidson, Lorenzo De Carli Many thanks to USENIX for publishing their outstanding…
What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work? And what's…
The widespread adoption of cloud services has introduced cybersecurity challenges and compliance complexities due to various privacy regulations in different…
The RSA Conference 2024 is set to kick off on May 6. Known as the “Oscars of Cybersecurity”, RSAC Innovation…
Last week, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity…
Authors/Presenters: Binbin Zhao, Shouling Ji, Xuhong Zhang, Yuan Tian, Qinying Wang, Yuwen Pu, Chenyang Lyu, Raheem Beyah Many thanks to…