- IHEART confirms “Multiple” radio stations were hit by a data overgrazing
- Crooks took names, health and payment data from a non-revealed number of people
- The company informed the government and the law enforcement
Several IHEARTMEDIA radio stations suffered a cyberattack where Crooks stole sensitive customer data, the company has confirmed in a review of data violation sent to affected persons as well as archives with several US State Attorney General.
The post Spotted Iheartmedia, which reported the violation to Maine, Massachusetts and California, but noted that the company omitted the field of the total number of people affected, so it is not known how many people had their data stolen.
In the message letter, it sent out, the company said that between December 24 and December 27, 2024, an unauthorized actor “Set and obtained” Files stored on systems “to a small number of our local stations.”
Millions of messages
So more radio stations seem to have been hit, but the company did not say how many.
IHEART is the largest sound -focused media company in the United States with 870 radio stations and a quarter of a billion listeners each month.
No threat actors have yet taken responsibility for the attack, but IHEART said that whatever it was, they managed to steal people’s full names, passport numbers and other state identification numbers, birth dates, financial account information, debit card information, health information and/or health insurance information.
The threat actors hit gold with this database. With names, dates of birth and health and insurance information, the targeted people with tailor -made phishing attacks, and with passport numbers they can engage in identity theft.
Financial account information – especially debit card information – can be used in wire fraud. The data has not yet been made for sale on the dark web.
To tackle the threat, IHEART awards a year of protection services for identity theft to affected persons. It also created a dedicated phone number for people with queries.
Via The post
