Cyber Incident Victim: Entercom Communications
Date:
Aug 2019
Location:
United States of America
Summary
A US radio giant experienced unauthorized access to database backups stored on third-party cloud services, compromising user credentials including names, usernames, and passwords during a limited three-hour access window. The incident affected an undisclosed number of users of its streaming platform and was part of a series of security breaches occurring within a year, with prior attacks disrupting corporate email systems, file access, and digital platforms—some bearing similarities to ransomware operations. Following the breach, the company implemented enhanced security measures including password resets, multifactor authentication deployment, and staff cybersecurity training to mitigate future risks, while urging users to update reused credentials across other services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 4, 2019, an unauthorized party accessed database backup files stored on third-party cloud services belonging to Entercom Communications, a US radio broadcasting giant operating over 235 stations and streaming content to approximately 170 million monthly users. The breach exposed Radio.com user credentials during a three-hour window, compromising names, usernames, and passwords. Entercom publicly disclosed the incident on March 10, 2020, nearly seven months after its occurrence, though the exact number of affected users remained undisclosed. The company confirmed the attackers specifically targeted backup files hosted externally, indicating a compromise of cloud-stored data rather than direct infiltration of Entercom’s primary networks. In response, Entercom initiated password rotations for Radio.com accounts and implemented multifactor authentication (MFA) to bolster account security. The firm also conducted staff cybersecurity training to address procedural vulnerabilities and urged users to change passwords not only on Radio.com but also on any other platforms where credentials might have been reused.
This incident marked Entercom’s third major cybersecurity breach within a year. Prior attacks occurred in September and December 2019, disrupting corporate email systems, internal file access, and digital broadcasting platforms. While Entercom did not confirm ransomware deployment in those cases, it acknowledged the incidents shared characteristics consistent with ransomware attacks, including operational interruptions and unauthorized system access. The company withheld technical specifics about all three breaches, including attacker methodologies, ransom demands, or whether data exfiltration occurred beyond the August 2019 credential exposure. The cumulative effect of these incidents highlighted persistent security challenges for the broadcaster, though Entercom’s post-incident measures focused on hardening cloud backups, access controls, and authentication protocols without disclosing further forensic findings or regulatory repercussions.