Warner Music discloses months-long web skimming incident
Warner Music Group, a well-known record producer disclosed yesterday that they had been targeted by a cyberattack in which customers’ payment card information may have been exposed. The attack was a web skimming or magecart style hack in which cybercriminals compromise a website and insert malicious code. This code collects customer details and extracts sensitive information from payment forms.
Warner filed a data breach notification letter with the Office of the Attorney General in California yesterday. The attackers reportedly had access from the sites between April 25 and August 5, compromising a number of the company’s US-based e-commerce sites that were hosted by a third party. Exposed information could include name, email address, phone number, billing and shipping address, and payment card details consisting of the card number, CVV/CVC, and expiration date.