IMA Diligence Services is notifying over 525,000 individuals that their personal information was stolen in a data breach.
The incident, the company says, was identified in mid-December after a legacy server managed by a third party became inaccessible.
“Upon discovery, we notified law enforcement and promptly commenced an investigation to confirm the nature and scope of this incident,” an incident notice on the company’s website reads.
Working with external cybersecurity experts to investigate the data breach, IMA Diligence Services discovered that the attackers accessed the server between December 8 and December 16 and exfiltrated certain files.
After reviewing the stolen data, the company determined that it included personal information such as names, addresses, Social Security numbers, and driver’s license numbers.
Additionally, the hackers exfiltrated financial information, including account numbers and credit card numbers, medical and health insurance information, and, in some cases, passport numbers and taxpayer identification numbers.
IMA Diligence Services told the Indiana Attorney General’s Office that 525,306 people were impacted. The company is providing 12 months of free credit monitoring and identity restoration services to the affected individuals.
While the company’s notice does not include details on the threat actor responsible for the data breach, the incident was claimed by the Genesis ransomware group.
The gang added IMA Diligence Services to its Tor-based leak site in late January, claiming to have stolen 700 gigabytes of data from the company, including personal information, business documents, and confidential files.
SecurityWeek has emailed IMA Diligence Services for a statement on the matter and will update this article if the company responds.
A subsidiary of IMA Financial Group, IMA Diligence Services provides financial consulting services for acquisitions, mergers, and other corporate transactions. Founded in 2009, it was previously known as RedRidge Diligence Services.
Related: Charter Communications Data Breach Could Impact Nearly 5 Million
Related: Carnival Data Breach Exposed 6 Million People
Related: 185,000 Likely Impacted by 7-Eleven Data Breach
Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond
