Imag-I-Nation Technologies hacked resulting in the compromise of the consumer report database

• The consumer report database was accessed by a mysterious hacker on November 1, 2018.
• The data stolen in the hack includes full names, dates of birth, home addresses and social security numbers of customers.

Imag-I-Nation Technologies, a company that develops and support software for handling consumer reports and background checks, has suffered an attack. The attack occurred sometime in November 2018, resulting in the compromise of the consumer report database.

What happened?

The consumer report database in question was accessed by a mysterious hacker on November 1, 2018. Following the hack, the database was left open to the hacker until the intrusion was discovered and locked down on November 14.

"Upon discovering this incident, we immediately conducted an investigation to determine how this incident occurred and who was impacted. We have retained a forensic IT firm to conduct an analysis and remediation of our system," said the firm, The Register reported.

However, by the time the hack was discovered and remediated, the mysterious hacker had gained access to customers’ sensitive information such as their full names, dates of birth, home addresses, and social security numbers.

Action taken

As a part of security measures, the firm has enhanced the security of its critical systems and infrastructures to prevent such future attacks. In addition, it is also notifying the three major credit bureaus - Experian, Equifax and Transunion about the breach.

"We have also reviewed our internal data management and protocols and have implemented enhanced security measures to help prevent this type of incident from recurring. We are also notifying the three major credit bureaus, Experian, Equifax and TransUnion, to advise them that your personal information may have been improperly accessed and that they should take appropriate action,” the firm added.

While the overall number of customers impacted in the incident is unknown, the firm has claimed it will be notifying some 3,695 US citizens about the breach.