Cyber Incident Victim: Urban One

On February 13, 2025, media conglomerate Urban One experienced a cyberattack initiated through a sophisticated social engineering campaign. The Maryland-based company—the largest media firm targeting the African American community—discovered the breach on March 15, 2025, following claims by the Cactus ransomware gang on March 12. Forensic investigations concluded by March 30 confirmed unauthorized data exfiltration, though the incident did not disrupt company operations. Compromised information included employee names, addresses, Social Security numbers, direct deposit details, and W-2 forms. Urban One filed breach notifications in Texas and Massachusetts, disclosing that 355 Texas residents were affected. The company offered two years of credit monitoring to victims and notified law enforcement but did not publicly comment on the attack.

Urban One, which operates TV channels, radio stations, and news websites while reporting $450 million in 2024 revenue, had previously disclosed a 2019 California breach involving over 1,000 Social Security numbers. The Cactus gang—active since 2023 and noted by Microsoft for distributing malware via online ads—claimed responsibility for the 2025 attack. The group had previously targeted Americold (the largest temperature-controlled warehouse REIT), a major Swedish supermarket chain, the Los Angeles Housing Authority, and Schneider Electric. No operational disruptions occurred during the breach, but stolen employee financial data heightened identity theft risks for affected individuals.