- iHeart confirms “several” radio stations were hit with a data breach
- Crooks took names, health data, and payment data from an undisclosed number of people
- The company notified the government and law enforcement
Multiple iHeartMedia radio stations suffered a cyberattack in which crooks stole sensitive customer data, the company has confirmed in a data breach notification letter sent to affected individuals, as well as in filings with multiple US state attorneys general.
The Record spotted iHeartMedia reporting the breach to Maine, Massachusetts and California, but noted the company left the field for the total number of affected individuals blank, so it isn’t known how many people had their data stolen.
In the notification letter it’s been sending out, the company said that between December 24 and December 27, 2024, an unauthorized actor “viewed and obtained” files stored on systems “at a small number of our local stations.”
Millions of messages
So, several radio stations appear to have been hit, but the company did not say how many.
iHeart is the largest audio-focused media company in the US, with 870 radio stations and a quarter of a billion listeners every month.
No threat actors have yet assumed responsibility for the attack. However, iHeart said that whoever it was managed to steal people’s full names, passport numbers and other governmental identification numbers, dates of birth, financial account information, payment card information, health information, and/or health insurance information.
The threat actors struck gold with this database. With names, birth dates, and health and insurance information, they can target people with tailored phishing attacks, and with passport numbers they can engage in identity theft.
Financial account information – particularly payment card information – can be used in wire fraud. The data hasn’t yet emerged for sale on the dark web either.
To tackle the threat, iHeart is giving out a year of identity theft protection services to affected individuals. It also set up a dedicated phone number for people with inquiries.
Via The Record