A woman is suing Warner Music Group in the aftermath of a data breach in which hackers accessed customers’ personal and credit card information.
Linda Stevens filed her proposed class-action lawsuit Tuesday in Los Angeles Superior Court and is seeking unspecified damages. Her allegations include breach of contract, negligence and violation of the state’s Consumer Privacy Act.
A Warner Music representative could not be immediately reached for comment.
WMG was founded by Warner Bros. and is the third largest recording company in the worldwide music industry, according to the suit, which says thousands of people make purchases on its e-commerce websites weekly and possibly daily.
“What WMG customers did not expect … was that their personal and sensitive information would be accessed and potentially harvested by unauthorized third parties,” the suit states.
Although WMG was aware of the breach on Aug. 5, customers were not notified until Sept. 3 and were not told which e-commerce websites were attacked or how the persons responsible were able to access the customers’ information, according to the suit.
The WMG e-commerce websites were compromised by a lengthy skimming attack in which personal data entered by customers between April 25 and Aug. 5 was accessed, including names, email addresses, telephone numbers, billing addresses, shipping addresses, credit card numbers, card expiration dates and credit card codes, the suit states.
Stevens says she gave her personal information to WMG when making a purchase on one of its e-commerce websites, neilyoung.warnerrecords.com. As a result of the breach, Stevens and other class members have been placed “at an imminent, immediate and continuing risk of harm from identity theft and identify fraud, requiring them to take the time to mitigate the actual and potential impact of the data breach on their lives …,” the suit says.
Warner sent a data breach notice to an undisclosed number of affected customers stating that “any personal information” entered into the affected websites “after placing an item in your shopping cart was potentially acquired by the unauthorized third party.” Warner said then that it promptly informed relevant credit card providers and law enforcement agencies of the breach and offered affected customers 12 months of identity monitoring services free of charge.
The latest cyberattack comes three years after the Warner conglomerate was victimized by a phishing scam resulting in the leak of internal data relating to Vevo, the company’s premium music video provider, the suit states.