Entercom has notified the California Attorney General’s office of a third cyberattack they were hit with in 2019.

In the notice Entercom states that while investigating the September ransomware attack on the company, they became aware of unauthorized activity on their third-party cloud hosting services where userdata for Radio.com users was stored. The investigation found that an unauthorized actor accessed information relating to Radio.com users contained in database backup files for three hours on August 4, 2019. The breacher was able to access all user’s names, username and passwords used on Our investigation determined the unauthorized actor gained access to the following types of information: name and Radio.com username and password.

In the aftermath of this breach, Entercom states they “have
taken and continue to take steps to prevent this type of incident from happening in the future, including by implementing password rotations, enabling multifactor authentication and stronger password policies for all cloud services, enhancing and broadening auditing based on best practices advised by third party experts, configuring alerts for certain behaviors using the relevant platforms, and providing additional training to staff on
data security. We are also notifying regulatory authorities, as required.” They are also notifying users that they should perform a check of their credit reports and order a freeze if necessary.

Entercom was then hit with what would now be considered a third attack in late December.

A request for comment to Entercom have gone unanswered as of now. We will update should they do so.