Beggars Group (4AD, Matador, XL) Hacked, Customers Warned of Data Breach

Beggars Group, the conglomerate of independent labels including 4AD, Matador, Rough Trade, True Panther, XL Recordings, Young Turks, and Beggars Arkive, has revealed that their online stores have been hacked, and customers’ confidential information may have been compromised. A letter sent by Beggars’ U.S. distributor Matador Direct last week said that customers who placed orders through the websites for Matador Direct-distributed labels from April 28, 2015 to May 4, 2016 may have been the victims of a data breach. Credit card numbers were among the details possibly exposed to hackers. A Beggars spokesperson declined to say how many accounts may have been affected.

Artists that have released music on Beggars Group labels include Adele, Radiohead, Vampire Weekend, the xx, St. Vincent, Pavement, Interpol, Cat Power, Queens of the Stone Age, and countless others. (Releases by Adele, who is on a different label in the U.S., and Radiohead, whose records were not sold by Beggars during the relevant time period, were not affected by the breach.)

“On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor,” Matador president and co-owner Patrick Amory wrote in the letter, dated July 15. “We quickly began an investigation and hired a third-party cybersecurity firm to assist us. Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from April 28, 2016 to May 4, 2016, information associated with the order being placed, including the customer’s name, address, phone number, email address, payment card number, expiration date and security code (CVV), and account password for the website on which the customer placed an order, may have been obtained by an unauthorized third-party.”

As a security precaution, customer passwords have been changed and will need to be reset before the accounts can be used again.

Cybersecurity has been a leading concern for companies in recent years, though the music industry has so far avoided the worst breaches. In April, Spotify denied a report claiming hundreds of users’ data had been breached, according to Billboard. 

A Beggars spokesperson told Pitchfork in a statement: “Matador Direct identified and addressed a data security incident that potentially affected orders placed or attempted to be placed from April 28, 2015 to May 4, 2016 on the e-commerce sites operated by Matador Direct. Customers who have questions may contact our dedicated call center at (877) 218-0056, Monday through Friday, from 9 a.m. to 7 p.m. EST and provide reference number 7631070716 when calling.”

Comments are closed.