When did the iHeartMedia cyber attack take place?

The cyber attack took place between December 24th and December 27th, 2024. While the breach was detected in the same month and reportedly 'fully addressed' within a week, the investigation continued until April 11th, 2025.

What types of personal information were exposed in the iHeartMedia breach?

The exposed data includes Social Security numbers, driver's license numbers, passport numbers, state ID card numbers, tax ID numbers, financial account numbers, and payment card numbers.

How many individuals were affected by the iHeartMedia data breach?

The exact number of affected individuals has not been disclosed by iHeartMedia. However, the company confirmed that victims include residents of multiple states: Maryland, New York, New Mexico, North Carolina, and Rhode Island.

What systems were compromised in the iHeartMedia breach?

According to iHeartMedia, unauthorized actors gained access to sensitive personal information stored on systems at 'a small number' of their local stations. However, given that victims span multiple states (Maryland, New York, New Mexico, North Carolina, and Rhode Island), the impact appears to be more widespread than implied.

When did iHeartMedia begin notifying affected customers?

iHeartMedia began notifying affected customers on April 30th, 2025, more than four months after the initial breach occurred.

What is the nature of the attack that affected iHeartMedia?

The specific nature of the attack has not been disclosed by iHeartMedia. The company has only confirmed that unauthorized actors gained access to sensitive personal information stored on their systems.

How long did it take iHeartMedia to address the breach?

According to iHeartMedia, the breach was 'fully addressed' within a week of detection. However, the investigation into the incident continued until April 11th, 2025, approximately three and a half months after the breach was initially detected.

Incident

iHeartMedia data breach exposes personal information at "a small number" of their stations

published: May 3, 2025

Learn More

iHeartMedia, the largest audio company in the United States with over 850 radio stations across the US and Canada, is reporting a significant data breach that occurred in December 2024.

The company operates the popular iHeartRadio streaming service and SiriusXM satellite radio,

The cyber attack took place between December 24th and December 27th, 2024. The breach was detected in the same month and "fully addressed" within a week, but the investigation continued until April 11th, 2025. The exposed data includes:

Social Security numbers
Driver's license numbers
Passport numbers
State ID card numbers
Tax ID numbers
Financial account numbers
Payment card numbers

The number of affected individuals and the nature of the attack are not disclosed. iHeartMedia claims that unauthorized actors gained access to sensitive personal information stored on systems at "a small number" of their local stations, but they also confirmed that victims include residents of multiple states: Maryland, New York, New Mexico, North Carolina, and Rhode Island. That doesn't sound like "small number" to us.

The company began notifying affected customers on April 30th, 2025.

iHeartMedia data breach exposes personal information at "a small number" of their stations