iHeartMedia confirms data breach exposed sensitive customer and employee information

American media conglomerate iHeartMedia said that the data security incident it suffered last year compromised the sensitive personal information of its customers and employees.

 

Headquartered in San Antonio, Texas, iHeartMedia, is the largest radio station group owner in the country. With more than 850 stations, it has a quarter of a billion listeners every month.

 

In a data security incident notice filed with the Office of Maine Attorney General, iHeartMedia said that between December 24 and December 27, the company suffered a network intrusion where an unauthorised threat actor infiltrated its internal network and stole files stored on systems of certain local stations.

 

iHeartMedia immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected systems and notified relevant law enforcement authorities about the incident.

 

“We conducted a careful review of the files and, on April 11, 2025, determined that one or more of the files contained your information,” iHeartMedia said.

 

The compromised data included names, passport numbers, other government identification numbers, dates of birth, financial account information, payment card information, health information, and health insurance information.

 

iHeartMedia has also notified the Offices of Attorney Generals of Massachusetts and California, however, is yet to share the number of affected individuals.

 

“We regret that this incident occurred and apologise for any inconvenience it may cause, and to prevent similar occurrences in the future we have strengthened our existing security measures,” the media conglomerate added.

 

iHeartMedia has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Equifax to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on iHeartMedia. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.