Fraudulent Credit Card Charges? Your Band Merchandise Purchase May Have Been Hacked.
Fraudulent Credit Card Charges? Your Band Merchandise Purchase May Have Been Hacked.
Posted on behalf of Arnold Law Firm
on September 16, 2020 in Data Breach Updated on February 24, 2022
NOTICE: If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020, and August 5, 2020 and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.
“Just had an e-mail this morning from Warner Music Group saying security had been breached and account details had been acquired,” user u/Way2Competitive posted on Reddit on August 24, 2020.
“If anyone else has bought Dance Gavin Dance merch through their website, might be worth a check to make sure everything looks ok!”
The user went on to share the Data Breach Notice that Warner Music Group (WMG) submitted with the State of California Department of Justice Attorney General.
On August 5, 2020, WMG discovered that an unauthorized third party compromised a number of e-commerce websites operated by WMG that are hosted and supported by an external service provider. The security incident allowed the third-party access to customer personal information entered into the affected websites during transactions between April 25, 2020 and August 5, 2020.
Was Your Card Compromised?
If you made a purchase from a music band website between April 25, 2020, and August 5, 2020, it’s worth looking into.
Let’s look at the example above. u/Way2Competitive purchased merchandise from the Dance Gavin Dance band website during the data breach time window.
Dance Gavin Dance is an American post-hardcore rock band from Sacramento, California. The band is currently with Rise Records, an independent record label that focuses on heavy metal and punk rock music artists.
Rise Records is not a WMG label, so how was u/Way2Competitive’s transaction compromised?
Rise Records has a distribution deal with Alternative Distribution Alliance, a distributor owned by WMG. WMG artist services business works with WMG artists, as well as artists not signed to their recording labels to support both commerce and marketing aspects of artists’ businesses.
Because the Dance Gavin Dance website and its shopping cart is managed through WMG, the band website transactions were exposed to the Magecart attack, which skims payment card details, including card numbers, VCV/CVVs, and expiration dates.
How Can You Check?
Unfortunately, WMG has not disclosed a list of affected e-commerce websites, which makes it nearly impossible for shoppers to tell if they are at risk for identity theft and fraud. In fact, consumers may not even realize that they made a purchase from a WMG website, because it can be difficult to determine whether a music-related website is associated with WMG.
If you made any recording artist-related purchase online from April to August, we suggest that you search your email folders for “notice of data breach” from WMG. These notices are commonly screened by spam filters and may not reach your inbox.
Notices may also be sent via USPS delivery. WMG appears to still be in the process of notifying consumers who were affected by the security incident.
WMG is directing questions about the security incident to 1-866-951-4190 or [email protected].
How Big Was the WMG Data Breach?
At this time, it is unknown how many consumers were affected by the WMG data breach. However, the music giant is associated with an estimated 65,000 songwriters, including Ed Sheeran, Lizzo, and Led Zepplin.
Three months of consumer transactions involving thousands of recording artist websites may have been compromised, which could potentially translate into credit card information stolen from millions of shoppers.
On social media forums, disgruntled consumers have mentioned fraudulent credit card activity believed to be associated with various band website purchases, including:
Smashing Pumpkins
Grateful Dead
Gojira
Cold Play
Oliver Tree
Dance Gavin Dance
Kehlani
Li’l Uzi
Neil Young
Gorillaz
I Got a WMG Data Breach Notice, Now What?
WMG is offering 12 months of identity monitoring services to affected customers at no cost. The company is also encouraging customers to monitor any unauthorized use of payment cards and suspicious email communications, particularly those purporting to come from WMG or any WMG-related websites.
You may also want to investigate whether possible legal action applies to your situation, especially if you live in California.
The California Consumer Privacy Act (CCPA) applies to companies that do business in California and collect personal information from California residents. The CCPA went into effect on January 1, 2020 and is considered to be one of the broadest state-level privacy laws in U.S. history. Among the rights the CCPA endows is the consumer’s right to bring an action for statutory damages if a data breach meets certain requirements.
If you reside in California, made an online purchase on a WMG e-commerce website between April 25, 2020 and August 5, 2020, and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options.
After a drunk driver hit me I wasn’t really sure what to do. A friend of mine Highly Recommended Arnold Law Firm, what a great recommendation it has been! The staff from lawyers to assistants has been nothing short of amazing. Always are calling and emailing me to update what is going on with your case. A very nerve racking thing to deal with personal injury and what comes from it. But with Arnold Law Firm you can rest knowing they are fighting for every inch for you. Need a law office? Look no further!
This firm is a joy to work with, they really care about their clients. Mr. Minney and Deena were wonderful to work with.
I am very grateful for the services I got from Arnold Law Firm! Everyone was great! Stephanie was awesome! Her dedication and perseverance were admirable! She was the person behind the success of my claim! I truly appreciate her in particular, and Arnold Law Firm staff, in general!
So far, we are very happy with Arnold Law Firm and the personal service we have received by Dominic Sandaval. We are looking forward to continuing this relationship through the remainder of our law suit.
Thank you, Gilbert and Joanne Joseph
Not just legal experts, The Arnold Law Firm and my case manager Stephanie Baffoni genuinely cares about you.
The Arnold Law Firm has a proven track record of success fighting for their clients and I am very thankful to have them supporting me during a very challenging time. What I did not expect is the level of compassion, partnership, and trust Stephanie and the team strives to achieve in what could have been a purely transactional relationship.If you want to be treated like a person, not a number, and know someone is looking out for your best interests, then look no further.