Tidal says it’s investigating how an internal data breach of sensitive company data resulted in a hard drive falling into the hands of a Norwegian newspaper, according to Variety. The paper, Norwegian business publication Dagens Næringsliv, accused the music streaming service last week of inflating both its subscriber growth numbers and streaming numbers for popular exclusive releases, including Beyonce’s Lemonade and Kanye West’s Life of Pablo. Allegedly, data proving the numbers were inflated was found on a hard drive the paper obtained through means it has not disclosed.
Tidal is disputing the accusations, but it’s also now saying that it’s investigating how any confidential company data could have made its way onto a hard drive that was then given to the paper. “We reject and deny the claims that have been made by Dagens Næringsliv,” Tidal CEO Richard Snaders said in a statement given to Variety. “When we learned of a potential data breach we immediately, and aggressively, began pursuing multiple avenues available to uncover what occurred.”
Tidal says it’s informed the proper authorities and has begun pursuing legal action. The company has also hired a third-party cybersecurity firm to “conduct a review of what happened and help us further protect the security and integrity of our data.”
So we don’t necessarily know whether all of the data obtained by Dagens Næringsliv is legitimate, and whether it’s true that Tidal is inflating its numbers. But it would appear that the database does involve in part information Tidal does not want public. According to Variety, Tidal, which does not often share numbers publicly except in cases where it wants to tout successful exclusive launches, recorded hard-to-believe numbers for Lemonade and Life of Pablo, among other albums. For instance, Tidal claimed West’s album recorded 250 million streams in the first 10 days after release with only 3 million subscribers, which would mean each subscriber listened to the album in full on average of eight times per day.
The most likely case here is that Tidal is saying the data is either incomplete or being misread by Dagens Næringsliv, but we don’t know for sure without the data being public and without Tidal commenting on which parts of the trove are legitimate. Here’s Sanders’ statement to Variety in full:
We reject and deny the claims that have been made by Dagens Næringsliv. Although we do not typically comment on stories we believe to be false, we feel it is important to make sure that our artists, employees, and subscribers know that we are not taking the security and integrity of our data lightly, and we will not back down from our commitment to them.
When we learned of a potential data breach we immediately, and aggressively, began pursuing multiple avenues available to uncover what occurred. This included reporting it to proper authorities, pursuing legal action, and proactively taking steps to further strengthen our stringent security measures that are already in place.
Additionally, we have engaged an independent, third party cyber-security firm to conduct a review of what happened and help us further protect the security and integrity of our data. We are proud of the hard work, devotion to our artist driven mission, and tremendous accomplishments of our over one hundred employees in Norway and fifty more in the United States.
We look forward to sharing with them, and all of our partners, the results of the review once completed.