Skip to main content

iHeartMedia Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a reported data security incident at iHeartMedia. The company has begun sending out data breach notification letters to all known impacted individuals. Contact our legal team to learn how to protect yourself following any data theft incident and to consider joining ongoing class action litigation. Our attorneys have filed numerous data breach lawsuits on behalf of plaintiffs nationwide. Call for a free consultation and case review.

What happened at iHeartMedia?

After an investigation, iHeart concluded that sensitive personal information stored on their IT systems at a number of its local stations may have been accessed and acquired by an unauthorized third party between December 24 and December 27, 2024.

On April 30, 2025, iHeart began mailing data breach notification letters to impacted individuals. A link to the sample breach notification letters that iHeart sent to the Attorney General of California is available. The notice should provide affected individuals with a list of the specific types of sensitive personal identifiable information and protected health information compromised, which can include the following:

  • Name
  • Social Security number
  • Date of birth
  • Passport or other governmental identification number
  • Financial account information
  • Payment card information
  • Health information
  • Health insurance information

iHeart Media is an audio broadcasting and media company based in New York, New York. The company’s platforms include radio broadcasting, online, mobile, digital and social media, podcasts, live concerts and events, syndication, music research services and independent media representation.

If you choose to take legal action, the following compensation and damages may be available in a data breach lawsuit settlement:

  • Direct Financial Losses: This covers any out-of-pocket expenses incurred as a result of the data breach, such as unauthorized charges on credit cards or bank accounts.
  • Identity Theft and Fraud-related Costs: This includes expenses related to identity theft, such as credit monitoring services, legal fees, and costs associated with reclaiming one’s identity.
  • Loss of Income: If the breach leads to loss of income due to fraud or identity theft, victims may seek compensation for the wages they would have earned.
  • Emotional Damages: Data breach victims may also be eligible for non-monetary damages, which are intended to compensate for emotional distress, loss of privacy, and other intangible harm resulting from the breach.
  • Punitive Damages: In some cases, if the responsible party’s conduct was particularly egregious, willful, or negligent, a court may award punitive damages to punish the wrongdoer and deter future misconduct.