Incident Traced to December, Affected Data Includes Highly Sensitive Personal Identifiers
iHeartMedia has confirmed a data breach that occurred in December 2024, exposing sensitive personal information including Social Security numbers, passport numbers, and financial account details. The breach affected data stored on systems at a small number of local radio stations.
The San Antonio-based company owns more than 870 radio stations across the U.S. and operates the iHeartRadio platform, which hosts widely streamed podcasts such as Dear Chelsea, Anna Faris Is Unqualified, and The Ben Shapiro Show.
Breach Timeline and Response
According to an official notice sent to impacted individuals, the breach took place between December 24 and December 27, 2024. The company detected the activity in December and reports it had fully addressed the incident within a week.
“As soon as iHeart became aware, it immediately implemented its response protocols, took measures to contain the activity, and launched an investigation,” the company stated.
The investigation was completed on April 11, 2025, with notifications to affected individuals beginning on April 30.
A cybersecurity firm was brought in to support the response effort, and law enforcement agencies have been notified.
Data Types Exposed in the Breach
While all exposed records included names, many also contained additional sensitive data such as:
- Social Security numbers
- Tax identification numbers
- Driver’s license numbers
- State-issued ID numbers
- Passport numbers
- Financial account details
- Payment card numbers
The company did not disclose how many people were affected, though regulatory filings confirm at least one individual in Rhode Island, and three in Maine, were impacted. Maryland, New York, North Carolina, and New Mexico were also listed in the breach notification, though the number of affected individuals in those states remains undisclosed.
Remediation and Support for Affected Individuals
iHeartMedia said it has strengthened its internal security controls and is offering one year of complimentary credit monitoring and identity theft protection to those impacted.
