NOTICE: If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020 and August 5, 2020 and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.
Consumers are reporting fraudulent credit card activity that appears to be the result of a massive Warner Music Group (WMG) credit card hack that spanned over three months of online transactions involving multiple websites.
While the international music conglomerate publicly announced the data breach, it has not yet disclosed which of its ecommerce websites were compromised or how many consumers were affected. WMG continues to notify additional customers, according to current discussions on Reddit.
Cyber security experts say the e-skimming breach appears to be a Magecart attack.
Magecart is a malicious hacking group that targets online shopping cart systems, usually the Magento Marketplace system, to capture customer payment card details during ecommerce transactions. The Magecart malware taps into online shopping carts while they complete their purchase.
When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker's server. This approach is highly effective, because image file requests are less likely to be monitored by security systems.
The stolen confidential information is then sold on the dark web, often including security details, such as the card verification value (CVV) number on the back of your credit card.
Magecart has been active since 2016, and has become increasingly prolific as a lucrative source of revenue for hackers. For example, data stolen from an attack on another e-commerce platform in 2019 was valued at $133M on the dark web.
Magecart was blamed for several recent payment card skimming scripts, including MyPillow.com and Claire’s.
According to a State of Security report by PCI Pal, over a fifth (21 percent) of US consumers say they will not return to a brand that has suffered a data breach, and 83% claim they would stop spending for several months after a breach or serious incident. RSA Security research found that 69 percent of global consumers are prepared to boycott any company they believe does not take data protection seriously.
If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020 and August 5, 2020, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options.
Wrongfully blamed: What really happened to Randy Stevens
Randy Stevens opened his eyes and saw his wife standing over him in a hospital room. He had no idea what had happened. His last memory was of standing next to his truck trailer and watching as a Security Contractor Services forklift driver struggled to load an ungainly pallet of...Learn More
Last winter, a commercial truck and trailer made an abrupt wide turn into the path of a 24-year-old motorcyclist. The resulting collision sent Justin to the hospital with a collapsed lung, multiple fractured bones and a traumatic brain injury.
Justin's mother realized that her son needed legal help. While he was still in a coma...Learn More