iHeartMedia Data Breach Exposes Sensitive Data: Class Action Lawsuit Filed in May 2025

iHeartMedia Data Breach Exposes Sensitive Data: Class Action Lawsuit Filed in May 2025

Were you affected by the iHeartMedia data breach? You may be entitled to compensation.

In today’s digital age, data breaches are becoming increasingly common, and the latest victim is iHeartMedia, the largest radio station owner in the United States. In May 2025, a class action lawsuit was filed against iHeartMedia following a significant data breach that exposed the sensitive data of an undisclosed number of individuals. The breach, which occurred in December 2024, has raised serious concerns about the company’s data security practices and its delayed response in notifying affected individuals. The lawsuit highlights the growing need for companies to prioritize cybersecurity and protect consumer data.

What Happened?

Between December 24 and December 27, 2024, unauthorized actors infiltrated iHeartMedia’s systems at a number of its local radio stations. Exploiting the holiday period when staffing was reduced, the hackers gained access to a treasure trove of sensitive personal information (PII) and protected health information (PHI). This included:

  • Names
  • Social Security numbers
  • Tax ID Numbers
  • Driver’s license numbers
  • State identification card numbers
  • Passport numbers
  • Financial account information
  • Payment card numbers
  • Health information
  • Health insurance information
  • Date of birth

This type of data is a “gold mine for data thieves” and can be used for identity theft, financial fraud, medical fraud, and other malicious activities.

The Delayed Response

One of the key grievances in the lawsuit is the significant delay between when the breach occurred and when iHeartMedia notified affected individuals. Although the breach took place in December 2024, iHeartMedia did not complete its investigation until April 11, 2025, and notifications were not sent out until April 30, 2025 – over four months after the initial incident.

This delay left victims unaware that their personal information had been compromised, increasing their risk of identity theft and other forms of data misuse. As the lawsuit states, “As a result of this delayed response, the plaintiff had no idea for four months that their private information had been compromised. The risk [from this data breach] will remain for their respective lifetimes.”

Legal Action and Class Action Lawsuit

In response to the data breach and the delayed notification, a class action lawsuit was filed in the U.S. District Court for the Southern District of New York on May 7, 2025. The lawsuit, brought on behalf of Tennessee resident Cheryl Shields and other similarly affected individuals, alleges that iHeartMedia failed to adequately secure sensitive data and unreasonably delayed notifying victims.

The lawsuit seeks damages for negligence and violations of federal trade law and aims to reform the company’s data security practices. Among the demands are:

  • Monetary damages for affected individuals
  • Lifetime credit monitoring services
  • Internal security audits
  • Significant upgrades to the company’s data protection protocols

The plaintiffs argue that iHeartMedia’s security protocols were insufficient for a company of its size and responsibility. “Had iHeart properly monitored its networks, it would have discovered the breach sooner,” the lawsuit claims.

What Are Your Rights?

If you received a data breach notification from iHeartMedia, your sensitive personal, financial, or health information may have been exposed. As a result, you may be entitled to compensation for the harm you have suffered.

Potential damages in a data breach lawsuit can include:

  • Direct Financial Losses: Reimbursement for any out-of-pocket expenses incurred due to the breach, such as unauthorized charges on credit cards or bank accounts.
  • Identity Theft and Fraud-Related Costs: Compensation for expenses related to identity theft, such as credit monitoring services, legal fees, and costs associated with reclaiming one’s identity.
  • Loss of Income: If the breach leads to loss of income due to fraud or identity theft, victims may seek compensation for lost wages.
  • Emotional Distress: Compensation for emotional distress, loss of privacy, and other intangible harm resulting from the breach.
  • Punitive Damages: In cases where the company’s conduct was particularly egregious, willful, or negligent, a court may award punitive damages to punish the wrongdoer and deter future misconduct.

Steps to Take if You Are Affected

If you have been notified that your information was compromised in the iHeartMedia data breach, it is crucial to take immediate steps to protect yourself:

  1. Monitor Your Credit Reports: Obtain copies of your credit reports from all three major credit bureaus (Equifax, Experian, and TransUnion) and review them carefully for any unauthorized activity.
  2. Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert on your credit file, which requires creditors to verify your identity before opening new accounts. For even greater protection, you can place a credit freeze, which restricts access to your credit report and makes it more difficult for identity thieves to open accounts in your name.
  3. Change Your Passwords: Update your passwords for all online accounts, especially those containing sensitive information. Use strong, unique passwords and consider using a password manager to help you keep track of them.
  4. Be Vigilant for Phishing Scams: Be cautious of any unsolicited emails, phone calls, or text messages asking for personal information. Data breach victims are often targeted by phishing scams designed to steal their information.
  5. Enroll in Credit Monitoring Services: iHeartMedia is offering complimentary credit monitoring services to affected individuals. Take advantage of this offer to help detect any signs of identity theft or fraud.
  6. Consider Identity Theft Protection Services: In addition to credit monitoring, consider enrolling in identity theft protection services, which offer a range of features such as identity theft insurance and assistance with restoring your identity if it is stolen.

The Importance of Data Security

The iHeartMedia data breach serves as a stark reminder of the importance of data security and the potential consequences of failing to protect sensitive information. Companies that collect and store personal data have a responsibility to implement appropriate security measures to safeguard that data from unauthorized access.

These measures may include:

  • Regularly monitoring networks for suspicious activity
  • Implementing strong access controls
  • Encrypting sensitive data
  • Training employees on data security best practices
  • Having a comprehensive incident response plan in place

By taking these steps, companies can reduce their risk of data breaches and protect the privacy and security of their customers’ information.

What Does This Mean for You?

The iHeartMedia data breach highlights the increasing risks individuals face in the digital age. With so much of our personal information stored online, it is more important than ever to be vigilant about protecting our data and to take swift action when a breach occurs.

If you have been affected by the iHeartMedia data breach, understanding your rights and taking the necessary steps to protect yourself is crucial.