iHeartMedia suffers breach that exposed personal data

Last updated: 1 May 2025
Lady Gaga holds an iHeartRadio award
Image by Michael Buckner/Billboard/Getty Images

iHeartMedia, America’s largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.

The company told Cybernews via email that it detected the breach that same month and "fully addressed" it within a week, with the investigation concluding on April 11th. It started to inform the affected individuals on April 30th.

iHeartMedia owns more than 870 radio stations in the US and operates the iHeartRadio platform, home to popular podcasts such as its original Dear Chelsea with Chelsea Handler, as well as Anna Faris Is Unqualified and The Ben Shapiro Show.

ADVERTISEMENT

In a notice letter, the San Antonio, Texas-based company said that all of the files viewed and obtained by an “unauthorized actor” contained names, while some also included:

  • Social Security numbers
  • Tax identification numbers
  • Driver's license numbers
  • State identification card numbers
  • Passport numbers
  • Financial account numbers
  • Payment card numbers

iHeart said that the exposed files were stored on systems at “a small number” of its local stations.

It did not disclose the total number of affected individuals, though at least three were residents of Maine, where state law requires companies to send data breach notifications.

The letter said at least one Rhode Island resident was affected by the breach, while Maryland, New York, North Carolina, and New Mexico were also listed, though the number of affected individuals in those states was not disclosed.

According to the notification letter, the unauthorized party accessed files between December 24th and December 27th last year.

Marcus Walsh profile Stefanie Ernestas Naprys Konstancija Gasaityte profile
Don’t miss our latest stories on Google News
Google News Follow us

“As soon as iHeart became aware, it immediately implemented its response protocols, took measures to contain the activity, and launched an investigation,” the company said.

ADVERTISEMENT

“Additionally, a cybersecurity firm that has assisted other companies in similar situations was engaged, and iHeart notified law enforcement,” it added.

iHeart said it had strengthened its security measures and would offer affected individuals one year of credit monitoring and identity theft protection.

The text has been updated with the comment from iHeart.

Share
Post
Share
Share
Share
More from Cybernews
US mental health clinic hack exposes tens of thousands
DDoSecrets publishes 410 GB of messages from hacked Signal clone used by Mike Waltz
Huawei’s latest laptop becomes the first foldable PC for a solid price
Your AI isn’t safe: How LLM hijacking and prompt leaks are fueling a new wave of data breaches
23andMe customer data will be used for drug research following acquisition, Regeneron says
Elton John slams UK's AI copyright plans as ‘criminal’
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked