Call Us

iHeartMedia + Entertainment, Inc. Data Breach

Posted on behalf of Arnold Law Firm on May 5, 2025 in Data Breach
Updated on May 7, 2025

NOTICE: If you received a NOTICE OF DATA BREACH letter from iHeartMedia + Entertainment, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

​​​​​​​​On April 30, 2025, iHeartMedia + Entertainment, Inc. (“iHeartMedia”) reported a significant cybersecurity incident to both the Maine and California Attorneys General. The incident, which occurred between December 24 and December 27, 2024, involved unauthorized access to iHeartMedia’s systems at a limited number of local stations (the “Data Breach”). An investigation concluded on April 11, 2025, confirms that sensitive personal information had been compromised during the Data Breach. 

Recently, iHeartMedia began sending data breach notification letters to individuals affected by the Data Breach. These letters include information about the incident and steps individuals can take to protect their personal information. As of now, iHeartMedia has not disclosed the total number of individuals impacted by the Data Breach. If you received a data breach notification letter from iHeartMedia, it indicates that your information was affected by the Data Breach.

Headquartered in New York, New York, iHeartMedia is a leading audio and media company in the United States, primarily focusing on radio broadcasting, digital audio platforms, and live events. The company owns and operates a vast network of radio stations, offers podcasting services through its iHeartRadio platform, and organizes various live events. iHeartMedia employs over 5,000 individuals and serves over 160 markets nationwide through more than 860 live broadcast stations. In 2024, iHeartMedia reported annual revenue of approximately $3.85 billion,

WHAT INFORMATION IS INVOLVED IN THE iHEARTMEDIA + ENTERTAINMENT, INC. DATA BREACH?

The types of information compromised vary by individual but may include the following: 

  • Full name,
  • Date of birth,
  • Passport number and/or other governmental identification number,
  • Financial account information,
  • Payment card information,
  • Health information,
  • and/or health insurance information. 

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity. 

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. 

California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from iHeartMedia + Entertainment, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.