Several iHeartRadio stations hacked, customer and employee data stolen

1 month ago 31

(Image credit: Unsplash)

iHeart confirms "several" radio stations were hit with a data breach
Crooks took names, health, and payment data, from an undisclosed number of people
The company notified the government and law enforcement

Multiple iHeartMedia radio stations suffered a cyberattack in which crooks stole sensitive customer data, the company has confirmed in a data breach notification letter sent to affected individuals, as well as filings with multiple US state attorney generals.

The Record spotted iHeartMedia reporting the breach to Maine, Massachusetts and California, but noted the company left out the field on the total number of affected individuals, so it isn't known how many people had their data stolen.

In the notification letter it’s been sending out, the company said that between December 24 and December 27, 2024, an unauthorized actor “viewed and obtained” files stored on systems “at a small number of our local stations.”

Millions of messages

So, several radio stations appear to have been hit, but the company did not say how many.

iHeart is the largest audio-focused media company in the US, with 870 radio stations and a quarter of a billion listeners every month.

No threat actors have yet assumed responsibility for the attack, however, iHeart said that whoever it was, they managed to steal people’s full names, passport numbers and other governmental identification numbers, dates of birth, financial account information, payment card information, health information, and/or health insurance information.

The threat actors struck gold with this database. With names, birth dates, and health and insurance information, they can target people with tailored phishing attacks, and with passport numbers they can engage in identity theft.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Financial account information - particularly payment card information - can be used in wire fraud. The data hasn’t yet emerged for sale on the dark web either.

To tackle the threat, iHeart is giving out a year of identity theft protection services to affected individuals. It also set up a dedicated phone number for people with inquiries.

Via The Record

iHeartRadio Jingle Ball 2024 – how to watch online from anywhere
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article