IMA Financial, a finance company worth around $1.5bn that employs 1,800 workers, has reported a suspected cyberattack that compromised the personal data of around a thousand of its clients. The data breach has affected 941 residents of Texas, including their Social Security numbers, driver’s license details, passport numbers, credit card data, and medical records and insurance.
The company reported the breach to the authorities in Texas on April 25, which is a legal requirement for affected businesses to do so.
The company detected “unusual activity within its computer network” last October, confirming that folders containing sensitive files were accessed by a suspected threat actor.
After discovering that sensitive consumer data was made available to an unauthorized party, IMA Financial Group began reviewing the affected files to determine what information was compromised and which consumers were impacted.
The company said it sent letters of notification to its clients on April 19, after completing an investigation to determine what data was affected the previous month.
This cyberattack is another example of how victims of cybercrime can range far and wide. The breach was disclosed to the Attorney General in Texas, where the victims are located.
IMA Financial is now cooperating with law enforcement authorities, forensic experts, and regulatory agencies to investigate and address the incident. The company is also offering credit monitoring and identity theft protection services to the affected individuals.
