Universal Music Group (UMG), one of the world’s largest music corporations, has disclosed a data breach that occurred in mid-July 2024.
According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents.
In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, prompting an immediate investigation involving third-party cybersecurity experts.
The investigation later confirmed that an unauthorized third party had accessed data, potentially including sensitive information such as names and Social Security Numbers.
In a notice to affected customers, UMG confirmed it worked with a data-review firm to analyze the stolen data, with the findings finalized by August 30. Despite confirming the breach, the company stated that there is no evidence to suggest the compromised information was misused.
“While we have found no evidence that your information has been misused, we are informing you of the incident to allow you to take steps to maintain the security of your identity,” the company wrote.
To mitigate the potential risks for those affected, UMG is offering complimentary credit monitoring and identity theft protection through Experian’s IdentityWorks for 24 months. This service will help individuals monitor their credit reports and safeguard against potential identity theft.
UMG has not provided further details on whether the breach extended beyond personal data or if any of its internal systems were compromised.
Furthermore, at the time of writing, no ransomware group or cybercriminal organization has claimed responsibility for the breach. The possibility of a ransomware attack has not been ruled out, as such groups sometimes remain silent when ransoms are paid.
Read more on ransom payments: Over Half of Breached UK Firms Pay Ransom
More generally, the incident raises broader concerns about data security within major corporations. For now, UMG is advising those affected to remain vigilant and take necessary steps to protect their personal information.
The company has not immediately responded to Infosecurity’s requests for additional information.
Image credit: viewimage / Shutterstock.com