Beggars Group, a conglomerate of many of the world’s biggest independent record labels, has confirmed a data breach that may have exposed personal information including passwords and credit card details to hackers.
The group’s US distributor, Matador Direct, admitted in a letter sent to customers that its e-commerce platforms had been hacked, and any customer that had placed an order online between April 28 and May 4 this year may have been affected.
The labels affected include 4AD, Matador, Rough Trade Records, XL Recordings and Young Turks, according to the Guardian. Artists signed to the affected labels include: Adele, Radiohead, Vampire Weekend, the xx, St. Vincent, Pavement, Interpol, Cat Power, and Queens of the Stone Age.
Pitchfork added that Radiohead’s most recent album, A Moon Shaped Pool, was released after the hack had been discovered and cleaned up, while Adele’s US record label is Columbia, so anyone buying her album 25 was not at risk.
“On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor,” the letter said. We quickly began an investigation and hired a third-party cybersecurity firm to assist us.”
“Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from April 28, 2016 to May 4, 2016, information associated with the order being placed, including the customer’s name, address, phone number, email address, payment card number, expiration date and security code (CVV), and account password for the website on which the customer placed an order, may have been obtained by an unauthorized third-party,” the letter added.
The group did not confirm how many people were affected by the breach. All user passwords have been reset, Beggars Group added.
Photo © dymax