IMDataCenter Data Breach Exposes 10,800 Records

IMDataCenter, a Florida-based data solutions provider, experienced a data breach that exposed sensitive information. The incident originated from a misconfigured Amazon Web Services (AWS) storage bucket, which was left unsecured and accessible to anyone on the internet.

The cybersecurity incident compromised over 10,800 records, including files containing personally identifiable information (PII). The exposed files contained information about IMDataCenter client companies, with folder and file names suggesting data related to organizations in healthcare, insurance, political campaigns, airlines, universities and car dealerships.

According to HackRead, a cybersecurity researcher discovered the breach and notified IMDataCenter. Before the data was secured, a BreachForum user known as “ThinkingOne” claimed to have accessed and downloaded the entire exposed dataset.

The cybercriminal reported extracting 20 million unique email addresses, 37 million phone numbers and more than 50,000 Social Security numbers. The breach is considered severe due to the volume of the compromised data that can be leveraged for email phishing scams, identity theft or other fraudulent activity.

Other exposed information may include addresses, phone numbers, dates of birth and additional personal information. The breach is considered severe due to the nature and volume of the data involved. The detailed PII could be leveraged for highly convincing phishing scams, identity theft or other fraudulent activity.

IMDataCenter's response

Upon being alerted to the breach, IMDataCenter restricted public access to the exposed database. The company has been notifying clients.

Apex Class Action, a client of IMDataCenter, also issued notices to affected individuals, clarifying that the breach involved IMDataCenter’s environment and not their own network.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from IMDataCenter or a company that does business with IMDataCenter.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the company, visit the IMDataCenter website.