In November 2025, a significant security breach occurred at Suno, an AI music generator, which was reportedly hacked through a supply chain attack. The hacker gained access to an employee's credentials, allowing them to view the source code that revealed how Suno scraped audio data from various platforms, including YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds. This incident raised serious concerns regarding copyright infringement, as major record labels have accused Suno of illegally using copyrighted material under the Digital Millennium Copyright Act (DMCA). Suno has defended its practices by claiming that it trains its AI on publicly available music files, arguing that it falls under the fair use doctrine. However, this assertion is contested by the record labels, which are actively pursuing legal action against Suno for these alleged violations. The breach also exposed sensitive customer information, including emails, phone numbers, and partial credit card numbers, which the hacker reportedly accessed. Despite the severity of the incident, Suno characterized it as a limited security incident that was quickly contained and did not notify customers about the breach. This lack of transparency has raised further questions about the company's commitment to data security and customer privacy. The incident has drawn parallels to similar allegations against Udio, a competitor of Suno, which has also been accused of scraping data from YouTube. Additionally, Google, the parent company of YouTube, faces its own allegations of copyright infringement from major book publishers, highlighting a broader issue within the tech industry regarding the use of copyrighted material without proper authorization. As the legal battles unfold, the implications for AI-generated content and copyright law will likely continue to evolve, prompting discussions about the ethical use of data in the development of AI technologies.