Several iHeartRadio stations hacked, customer and employee data stolen
Very sensitive PII was taken in iHeartRadio attack

- iHeart confirms "several" radio stations were hit with a data breach
- Crooks took names, health, and payment data, from an undisclosed number of people
- The company notified the government and law enforcement
Multiple iHeartMedia radio stations suffered a cyberattack in which crooks stole sensitive customer data, the company has confirmed in a data breach notification letter sent to affected individuals, as well as filings with multiple US state attorney generals.
The Record spotted iHeartMedia reporting the breach to Maine, Massachusetts and California, but noted the company left out the field on the total number of affected individuals, so it isn't known how many people had their data stolen.
In the notification letter it’s been sending out, the company said that between December 24 and December 27, 2024, an unauthorized actor “viewed and obtained” files stored on systems “at a small number of our local stations.”
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)
Millions of messages
So, several radio stations appear to have been hit, but the company did not say how many.
iHeart is the largest audio-focused media company in the US, with 870 radio stations and a quarter of a billion listeners every month.
No threat actors have yet assumed responsibility for the attack, however, iHeart said that whoever it was, they managed to steal people’s full names, passport numbers and other governmental identification numbers, dates of birth, financial account information, payment card information, health information, and/or health insurance information.
The threat actors struck gold with this database. With names, birth dates, and health and insurance information, they can target people with tailored phishing attacks, and with passport numbers they can engage in identity theft.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Financial account information - particularly payment card information - can be used in wire fraud. The data hasn’t yet emerged for sale on the dark web either.
To tackle the threat, iHeart is giving out a year of identity theft protection services to affected individuals. It also set up a dedicated phone number for people with inquiries.
Via The Record
You might also like
- iHeartRadio Jingle Ball 2024 – how to watch online from anywhere
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.