Threat Actor: Unknown | unknown
Victim: Universal Music Group | Universal Music Group
Price: Not disclosed
Exfiltrated Data Type: Personal information, including Social Security numbers
Key Points :
- Data breach affected 680 individuals.
- Incident occurred on July 15, 2024, and was discovered on August 30, 2024.
- Unauthorized activity detected in an internal application.
- Universal Music Group engaged third-party experts for investigation and remediation.
- Impacted individuals offered 24 months of free credit monitoring and identity theft protection services by Experian.
- No known misuse of the stolen data reported.
- No ransomware group has claimed responsibility for the attack as of now.
- Individuals are advised to remain vigilant for signs of anomalous financial activity.
Universal Music Group notified hundreds of individuals about a data breach compromising their personal information.
Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number.
The data breach occurred on July 15, 2024, and was discovered on August 30, 2024.
“In early July, we detected unauthorized activity in one of our internal applications. We promptly engaged third-party experts to investigate and assist with remediation. Through that investigation, we determined that an unauthorized third party acquired data that potentially contained personal information. We then engaged a data-review firm to review the exfiltrated data. We received those results on August 30, 2024, and worked with counsel to determine which individuals to notify.” reads the data breach notification letter shared with the Maine Attorney General’s Office. “The data accessed by the unauthorized person contained your personal information, including your name and Social Security number.”
Universal Music Group is not aware of any misuse of the stolen data.
The company offers impacted individuals 24 months of free credit monitoring and identity theft protection services provided by Experian.
Universal Music did not share technical details about the security breach, at this time no ransomware group claimed responsibility for the attack.
The company recommends that impacted individuals remain vigilant for any signs of anomalous financial activity.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)