The independent record company Burning Shed has reported musos of a digital burglary involving the partial theft of its customer database, although no payment records have been viewed.
Customers were informed yesterday that the break-in took place on December 18, but was not discovered by the company until the end of last week, April 17. The letter – seen by us – stated:
He added: “However, we can guarantee that no payment information of any kind has been compromised in connection with this violation. We do not store any of our credit card or PayPal details in our database. “
The advice to customers with poor security hygiene is that if they have used their Burning Shed password on multiple accounts with different providers, do the right thing immediately and update them.
When the burglary became apparent late last week, the label said it had recruited a “high-level expert” and put the person to work “by solving the problem that caused the violation” .
The path has not been specified, nor has the vulnerability, but the security gun “strengthens the way passwords are encrypted” and, as a precaution, all data is transferred to a new host.
“We have taken the Burning Shed site offline for maintenance in order to complete the security updates,” the letter said. “This means that we will not take any orders for approximately 48 hours from today [yesterday] and you will need to change your password when the operation is complete. “
The Information Commissioner's office was informed of the breach yesterday and the company has said it will “comply” with any watchdog recommendations.
Burning Shed was founded in 2001 and the artists served by the label include British pillars King Crimson, Marillion and Porcupine Tree, as well as ambient muso Roger Eno. ®
Office 365 client-to-client migration tips