Entercom, the second-largest radio company in the United States, has announced that it suffered a cybersecurity incident related to its Radio.com domain. The company has found that in August 2019 an intruder accessed the company's backup cloud database that contained sensitive user data, including possibly Social Security Numbers (SSNs) and driver's license numbers. Entercom disclosed the breach by sending emails to the affected users and sharing it with the Office of the Attorney General of the State of California.
After suffering a cyberattack in September 2019, the company requested assistance from external computer forensic specialists to see what data had been compromised.
During the investigation, the team uncovered that an unknown party had accessed a third-party cloud hosting service the company uses to host information provided by their listeners. They zeroed in on a specific three-hour timeframe on August 4th, 2019, during which the hackers accessed a database with backup files containing the personal protected information of Radio.com users.
RELATED READING: Types of backup and five backup mistakes to avoid
“Our investigation determined that the impacted database backup files contained, and the unauthorized actor may have accessed, the following types of your personal information: name, Social Security number, and driver’s license number,” said Entercom.
The login credentials of Radio.com users were also compromised. The company kept mum on how many of its users were actually affected, although it did confirm that it was aware of the number. The radio giant gave assurances that it takes the breach seriously and is implementing a wide range of measures to prevent any such breaches in the future:
“We have taken and continue to take steps to prevent this type of incident from happening in the future, including by implementing password rotations, enabling multifactor authentication and stronger password policies for all cloud services, enhancing and broadening auditing based on best practices advised by third party experts, configuring alerts for certain behaviors using the relevant platforms, and providing additional training to staff on data security,” the company said in its statement, adding that it notified regulatory authorities about the breach as well.
Entercom also strongly encouraged its customers to take preventive measures as well such as changing their password for the service. Users who recycle their login details across multiple online accounts should change their passwords for the other services as well.
The company also offered access to 12 months of complimentary credit monitoring and identity theft restoration services at no cost to users.