Breach of legendary Chicago radio station exposes financial data, contracts, hackers claim

Last updated: 10 July 2025
Wfmt classic music breach
Image by Cybernews.

WFMT, a well-known Chicago-based radio station, was allegedly breached by a hacker group. The attackers claim they’ve taken a trove of sensitive personal and business information.

The classical music radio station was posted on Play ransomware‘s dark web blog, which the cyber cartel uses to showcase its latest victims. In an attempt to coax the victim to meet ransom demands, the gang claims to have released part of the supposedly stolen data.

We have reached out to WFMT and will update the article once we receive a reply.

ADVERTISEMENT
Wfmt data breach sample
Sample of the leaked data. Image by Cybernews.

The Cybernews research team investigated the 5.5GB data dump, concluding that the information attackers shared includes:

  • Payrolls
  • Medical insurance details
  • Company budgets
  • Government grants
  • Various contracts and reports

At least in theory, attackers could utilize the leaked information for identity theft. Attackers especially crave medical insurance details as they can sell them on the dark web for individuals looking for ways to get fraudulent claims for prescription drugs.

Has my data been leaked?
Check Now

Established in 1948, WMFT is one of the longest-running classical music stations in the US. It was one of the first radio superstations delivered via satellite and cable systems across the US and other countries worldwide. WFMT is the only individual station that’s a member of the European Broadcasting Union (EBU).

Meanwhile, Play ransomware is a major player in the cybercrime underworld, elbowing its way into the top three of the most active ransomware cartels in 2024.

In 2023, Play was behind the attack against the Palo Alto County Sheriff's office in Iowa and the Donald W. Wyatt maximum security detention center in Rhode Island.

ADVERTISEMENT

According to an Adlumin profile, Play is thought to be one of the first ransomware groups to use intermittent encryption, in which only certain fixed segments of a system are encrypted.

The method allows for faster access and exfiltration of a victim's data, and it seems other notorious groups have since adopted the tactic, including ALPHV/BlackCat, DarkBit, and BianLian.

Marcus Walsh profile Niamh Ancell BW Stefanie Neilc
Stay informed and get our latest stories on Google News
Google News Follow us
Share
Post
Share
Share
Share
More from Cybernews
Too easy: naturally biased AI chatbots change people’s politics with just a few messages
Motorola’s new “AI labels” aim to build public trust in safety tech
Password manager Dashlane to discontinue free plan in September
Hackers can access brain scans and other sensitive data from over 1.2 million medical devices
Instagram Map rivals Snapchat, but the same privacy concerns linger eight years later
Google to provide free AI training to "every college student in America" pledging $1B investment
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked