Serviceteam IT Security News

An unknown number of people had their personal data exposed as hackers accessed database backup files

Entercom, the second-largest radio company in the United States, has announced that it suffered a cybersecurity incident related to its Radio.com domain. The company has found that in August 2019 an intruder accessed the company’s backup cloud database that contained sensitive user data, including possibly Social Security Numbers (SSNs) and driver’s license numbers. Entercom disclosed the breach by sending emails to the affected users and sharing it with the Office of the Attorney General of the State of California.

After suffering a cyberattack in September 2019, the company requested assistance from external computer forensic specialists to see what data had been compromised.

During the investigation, the team uncovered that an unknown party had accessed a third-party cloud hosting service the company uses to host information provided by their listeners. They zeroed in on a specific three-hour timeframe on August 4th, 2019, during which the hackers accessed a database with backup files containing the personal protected information of Radio.com users.

RELATED READING: Types of backup and five backup mistakes to avoid

“Our investigation determined that the impacted database backup files contained, and the unauthorized actor may have accessed, the following types of your personal information: name, Social Security number, and driver’s license number,” said Entercom.

The login credentials of Radio.com users were also compromised. The company kept mum on how many of its users were actually affected, although it did confirm that it was aware of the number. The radio giant gave assurances that it takes the breach seriously and is implementing a wide range of measures to prevent any such breaches in the future:

“We have taken and continue to take steps to prevent this type of incident from happening in the future, including by implementing password rotations, enabling multifactor authentication and stronger password policies for all cloud services, enhancing and broadening auditing based on best practices advised by third party experts, configuring alerts for certain behaviors using the relevant platforms, and providing additional training to staff on data security,” the company said in its statement, adding that it notified regulatory authorities about the breach as well.

Entercom also strongly encouraged its customers to take preventive measures as well such as changing their password for the service. Users who recycle their login details across multiple online accounts should change their passwords for the other services as well.

The company also offered access to 12 months of complimentary credit monitoring and identity theft restoration services at no cost to users.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!