‘Cutting Corners’: Class Action Claims 2020 Warner Music Group Data Breach Result of Lax Cybersecurity

New to ClassAction.org? Read our Newswire Disclaimer

Warner Music Group faces a proposed class action lawsuit over its alleged failure to reasonably safeguard the personal information of online customers.

The 39-page complaint, filed in New York federal court, alleges unauthorized parties were able to execute a data breach that affected Warner’s thousands of websites from roughly April 25 through August 5, 2020 due to the major record label conglomerate’s “violation of its obligations to abide by best practices and industry standards” in protecting its online payment systems. 

“Defendant failed to comply with security standards and allowed its customers’ [personal information] to be compromised by cutting corners on security measures that could have prevented or mitigated the Data Breach that occurred,” the lawsuit alleges. 

According to the plaintiff, a Saint Helens, Oregon resident, Warner became aware in early August that an unauthorized party had possibly gained access to the personal information provided by customers when making online purchases. On or about September 2, Warner disclosed the breach to a number of state attorneys general, and mailed a document titled “Notice of Data Breach” to customers, the suit says.

More specifically, Warner relayed in its data breach notice that a number of its U.S.-based e-commerce sites hosted and supported by an external service provider had been compromised between April 25 and August 5. Though the company said it could not definitively confirm that an individual’s personal information was affected, Warner conceded, “it is possible that it might have been as your transaction(s) occurred during the period of the compromise.”

The lawsuit scathes that although Warner claims to have “launched a thorough forensic investigation” and “took steps to address and correct the issues,” these measures, as well as its offer of 12 months of free identity monitoring services to affected consumers, “are simply reactionary, and do nothing to prevent fraud in the first place nor do they compensate the victims of such fraud.”

Warner’s apparent cybersecurity shortcomings have left proposed class members’ financial information and interests at a serious and ongoing risk of misuse, the case stresses. Similarly, affected Warner music customers must now expend time and money to mitigate the risk of identity theft and fraud, the suit says, including locating fraudulent charges, canceling old and obtaining new credit cards, buying identity theft protection services and closely monitoring accounts, among other ongoing measures. 

The lawsuit goes on to relay Warner was aware of the very real risks of data breaches in that the company fell victim three years ago to a phishing scam that led to the leak of 3.12 terabytes of data related to a music video provider. 

The suit aims to cover anyone who used their credit, debit or prepaid debit card on a website operated by Warner Music Group during the period of April 25, 2020 to August 5, 2020. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.