A lawsuit has been filed against Warner Music Group following the disclosure of a data breach that compromised customers' sensitive personal information.
Warner notified customers of a breach earlier this month after discovering a number of its e-commerce websites had fallen victim to a prolonged skimming attack.
Attackers were able to access personal data entered by customers into the impacted sites between April 25, 2020, and August 5, 2020. Information compromised in the attack included names, email addresses, telephone numbers, billing addresses, shipping addresses, credit card numbers, card expiration dates, and CVC and CVV codes.
Following the cyber-incident, Morgan & Morgan has filed a class-action lawsuit against the music recording company on behalf of two plaintiffs.
Levi Combs of Marysville, Ohio, and Esteban Trujillo of Orlando, Florida, purchased items from websites operated by Warner in July 2020 and May 2020, respectively.
Both men subsequently received Warner's Notice of a Data Breach document at the beginning of September.
Combs and Trujillo allege that Warner failed to "properly secure and safeguard personal identifiable information, including without limitation, unencrypted names, email addresses, telephone numbers, billing addresses, shipping addresses, payment card numbers, payment card CVV security codes, and payment card expiration dates."
The plaintiffs further claim that the company "failed to provide timely, accurate, and adequate notice to plaintiffs and similarly situated WMG customers ('Class Members') that their PII had been stolen by hackers, and precisely what types of information was unencrypted and in the possession of unknown, unauthorized third parties."
In August, the same payment cards that Combs and Trujillo had used to make purchases from Warner's hacked websites were used by an unknown third party or parties to make two unauthorized purchases, one of which was declined by the bank after appearing suspicious.
“These large companies know the risk posed by cyber-criminals and continue to be cavalier with their customers’ personal information," said Morgan & Morgan attorneys John Morgan and Jean Martin in a statement.
"The fact that this breach allegedly went on undetected for more than three months demonstrates the alleged lack of care taken by Warner Media Group to secure its customers’ information."