IMA Diligence Services Data Breach Impacts 525,000 People

Summary

IMA Diligence Services notified over 525,000 individuals of a data breach affecting a legacy server managed by a third party. Attackers accessed the server between December 8–16 and exfiltrated personal information including names, SSNs, driver's licenses, financial data, and medical records. The Genesis ransomware group claimed responsibility and posted 700GB of stolen data on its Tor-based leak site.

Full text

IMA Diligence Services is notifying over 525,000 individuals that their personal information was stolen in a data breach. The incident, the company says, was identified in mid-December after a legacy server managed by a third party became inaccessible. “Upon discovery, we notified law enforcement and promptly commenced an investigation to confirm the nature and scope of this incident,” an incident notice on the company’s website reads. Working with external cybersecurity experts to investigate the data breach, IMA Diligence Services discovered that the attackers accessed the server between December 8 and December 16 and exfiltrated certain files. After reviewing the stolen data, the company determined that it included personal information such as names, addresses, Social Security numbers, and driver’s license numbers. Additionally, the hackers exfiltrated financial information, including account numbers and credit card numbers, medical and health insurance information, and, in some cases, passport numbers and taxpayer identification numbers.Advertisement. Scroll to continue reading. IMA Diligence Services told the Indiana Attorney General’s Office that 525,306 people were impacted. The company is providing 12 months of free credit monitoring and identity restoration services to the affected individuals. While the company’s notice does not include details on the threat actor responsible for the data breach, the incident was claimed by the Genesis ransomware group. The gang added IMA Diligence Services to its Tor-based leak site in late January, claiming to have stolen 700 gigabytes of data from the company, including personal information, business documents, and confidential files. SecurityWeek has emailed IMA Diligence Services for a statement on the matter and will update this article if the company responds. A subsidiary of IMA Financial Group, IMA Diligence Services provides financial consulting services for acquisitions, mergers, and other corporate transactions. Founded in 2009, it was previously known as RedRidge Diligence Services. Related: Charter Communications Data Breach Could Impact Nearly 5 Million Related: Carnival Data Breach Exposed 6 Million People Related: 185,000 Likely Impacted by 7-Eleven Data Breach Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Critical Vulnerability in HP VoIP Phones Enables Enterprise Network BreachesMeta AI Hands Over High-Profile Instagram Accounts to HackersSupply Chain Attack Hits 32 Red Hat NPM PackagesOracle’s First Monthly Patches Resolve 77 VulnerabilitiesWP Maps Pro Vulnerability Exploited to Take Over WordPress SitesDutch Police Dismantle Massive 17-Million-Device BotnetCritical Windows Netlogon Vulnerability in Attackers’ Crosshairs19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access Latest News Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ CrosshairsSecurity of 100 AI Agents Tested and Ranked – What You Need to KnowHackers Target Global Stock Exchange in Espionage OperationOrganizations Warned of Exploited Linux Kernel Vulnerability‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in SecondsMicrosoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure BacklashTrump Signs Executive Order That Invites Vetting of Top AI Models for National Security RisksTwo New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register Virtual Roundtable: CISO Forum 2026 Mid-Year Review June 10, 2026 Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. Register People on the MoveRapid7 announced that Wael Mohamed will assume the role of Chief Executive Officer, replacing current Chief Executive Officer Corey Thomas, who will become Executive Chairman of the Board.Anurag Jain has been appointed Senior Vice President of Engineering at CodeHunter.CTERA has appointed Tal Sarfaty as Senior Vice President of Cybersecurity.More People On The MoveExpert Insights The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising the Cybersecurity Stakes: Ante up for the Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Genesis

Entities