Universal Music Group admits data breach, Social Security Numbers and more stolen

Hundreds of customers have information taken

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Universal Music Group (UMG), the world’s largest music company, confirmed suffering a cyberattack in which sensitive customer information was stolen.

In a data breach notification letter sent to affected individuals, the company said that it detected unauthorized activity in one of its internal applications in early July 2024. Subsequent investigation determined that the threat actors exfiltrated people’s names and Social Security Numbers.

UMG alsofiled a formwith the Office of the Maine Attorney General, in which it said that the breach affected 680 people, including one resident of Maine.

No evidence of misuse

While the breach definitely sounds limited, compared to some others we’ve seen lately, it is still big enough to result in phishing, or identity theft, which could lead to more dangerous attacks, such as ransomware. At this time, UMG does not believe this is the case:

“While we have found no evidence that your information has been misused, we are informing you of the incident to allow you to take steps to maintain the security of your identity,” the company wrote.

So, the data is yet to be abused somewhere - however, UMG is not taking any chances, and will be offering credit monitoring andidentity theft protectionthrough Experian’s IdentityWorks for 24 months, for affected people.

UMG did not share more details about the incident, so we don’t know if this was aransomwareattack in the first place. Usually, ransomware attacks do result in data theft, as well, although in recent times, some groups skip the encryption part and just go for the data. It’s faster and cheaper that way, yet apparently yields the same results.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

No threat actors have assumed responsibility for the attack, as well.

Headquartered in the Netherlands, UMG is the world’s largest music company, engaged in the recording, publishing, and distribution. It represents a vast catalog of artists and owns several prominent labels, such as Capitol Records, Def Jam, and Republic Records.

ViaInfosecurity Magazine

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

GoPro Max 2 hit by further delays – 2025 is the earliest we’ll see the 360-degree action cam