IMA Diligence Services Data Breach Impacts 525,000 People

The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared first on SecurityWeek .

According to public reports, IMA Diligence Services suffered a data breach after a legacy server managed by a third-party provider was accessed between December 8 and 16, leading to exfiltration of personal, financial, and medical data for approximately 525,306 individuals.[1][2][3] The compromised data included names, addresses, Social Security numbers, driver’s license numbers, financial account and credit card details, health insurance information, and in some cases passport and taxpayer identification numbers.[1][2] The incident has been claimed by the Genesis ransomware group, which says it stole about 700GB of data, and impacted individuals are being offered 12 months of credit monitoring and identity restoration services.[1][2][3] From a CyberSE.AI perspective, the key security implication is that sensitive data and high-value infrastructure hosted on third-party or legacy systems create significant AI supply chain exposure for any AI-enabled analytics, underwriting, or due-diligence platforms that rely on the same vendors; organizations should inventory and harden third-party environments, extend security baselines and SBOM-style visibility to legacy and hosted assets, and