US-based media conglomerate Urban One has confirmed a significant data breach that compromised sensitive personal information of hundreds of individuals. The company disclosed that the incident, discovered in March 2025, involved unauthorized access to its network resulting in the exfiltration of employee data. Details compromised include names, Social Security numbers, direct deposit details, W-2 tax information, and home addresses.
The breach came to light after Cactus, a known ransomware gang, claimed responsibility for the attack on March 12, 2025. Cactus alleged it had stolen 2.5 terabytes of data and posted a sample of documents—including a passport, contracts, and income statements—on its leak site to back its claims. Although Urban One has not officially confirmed Cactus’ assertions, it acknowledged that the attack was the result of a sophisticated social engineering campaign starting around February 13, 2025.
Affected individuals have been offered two years of free credit monitoring through Experian, with enrollment open until July 31, 2025. Notifications have already been sent to residents in Texas and Massachusetts, and additional disclosures are expected as investigations continue.
Cactus Ransomware: A Growing Cyber Threat
The Cactus ransomware group, active since April 2023, operates using a double extortion method—stealing sensitive data while simultaneously encrypting target systems. Victims are pressured to pay not just to regain system access but also to prevent their stolen data from being published.
Since its emergence, Cactus has been linked to over 46 confirmed attacks and 191 additional unconfirmed claims. Recent verified victims include Kinsey’s Archery Products, Athena Cosmetics, Tempel Steel Company, and Assa Abloy Sweden.
Cactus is part of a broader surge in ransomware activity across the United States, where 87 confirmed ransomware attacks in 2025 alone have compromised over 640,000 records, with the average ransom demand reaching $1.18 million. The FBI and cybersecurity experts continue to warn organizations about evolving ransomware tactics that combine data theft, extortion, and severe operational disruption.
Fallout and Response Measures
Urban One, headquartered in Silver Spring, Maryland, is the largest black-owned broadcasting company in the US, operating over 50 radio stations and two TV channels. Given its prominent standing, the breach raises serious concerns about cyber defenses in the media sector, especially among organizations handling substantial volumes of personal information.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
While the company insists that patient care services (via its media channels) and core business operations remain unaffected, questions linger regarding its cybersecurity infrastructure and incident response. Urban One’s decision to involve federal law enforcement and cybersecurity firm Mandiant indicates the seriousness of the attack.
For now, Urban One maintains that no financial account information or electronic medical records were compromised. However, cybersecurity experts advise affected individuals to remain vigilant against identity theft and phishing attempts. Given the sensitive nature of the data involved, victims are urged to monitor their financial accounts and credit reports closely.
As investigations proceed, Urban One faces mounting pressure to implement stronger security measures, enhance employee awareness training against phishing and social engineering, and reassure stakeholders about the integrity of its systems going forward.