ICL announced on Monday that it had discovered the biggest security breach ever in the history of the company.
ICL CEO Jim Gellman said the attack took place in June last year and was discovered by researchers from cybersecurity firm Trend Micro, which also reported the breach to the company on June 29.
ICM researchers say they found evidence that the attack originated with an unnamed third party.
“The most serious security breach that I have ever seen in my 20-plus years of work,” Gellmans told reporters.
Mr Gellmen added that the company was “taking every precaution” to protect the company’s systems, employees and customers.
ICL, one of the world’s biggest music services, said it was in “ongoing discussions” with Trend Micro and other researchers to resolve the issue.
Trend Micro said it has identified two malware variants used in the attack, one known as DMA and the other as L2, which are the same as one that was used in previous breaches.
“ICL is taking every precaution to mitigate any further attacks and is taking further measures to protect its customers, employees, and customers from future data breaches,” Mr Gellmann said.
He said the company is working with security experts to identify and fix the vulnerability.
The company has made improvements to its security measures in the wake of the breach, and has made changes to the way its employees are assigned to the attack task.
In July, the company announced that it would move to a new security architecture and will now focus on security on the platform, including new software for mobile devices, as well as more targeted attack campaigns, such as “slam dunk” attacks, that would take advantage of weak encryption.
Earlier this month, the internet giant announced that the world will be watching to see how the attack unfolds, and whether the internet’s biggest service can regain its reputation.
ICL has said it will launch a “zero-day” vulnerability assessment in response to the breach.
In a statement, ICL said it would work with Trend and other industry experts to develop “a robust mitigation plan” to deal with the attack.