Cyber Incident Victim: Image-I-Nation Technologies, Inc

On or around November 1, 2018, unauthorized actors gained access to a database maintained by Image-I-Nation Technologies, Inc., a North Carolina-based software and hosting provider serving major credit reporting agencies. The breach persisted until approximately November 15, 2018, when the company secured its systems. Image-I-Nation discovered the intrusion on December 20, 2018, initiating an investigation that confirmed the two-week compromise window. The compromised database contained personal information of individuals who had undergone consumer reporting through the company's systems, including Social Security numbers, full names, dates of birth, and residential addresses. The company stated no evidence of actual misuse of stolen data had been identified at the time of disclosure.

Image-I-Nation operated as part of FRS Software, providing employee and background screening services to Equifax, Experian, and TransUnion. This relationship positioned the firm as a supply chain target for attackers seeking identity data typically held by credit agencies. Between December 2018 and February 2019, breach notifications were filed with state authorities in Washington, Montana, Vermont, and New Hampshire, though the total number of affected individuals remained undisclosed. The incident highlighted third-party risks to consumer data ecosystems, with attackers exploiting vulnerabilities in a service provider rather than targeting the credit agencies directly. Image-I-Nation's public communications emphasized system security restoration by November 15 but did not disclose technical details of the intrusion vector, containment measures, or forensic methodology. Exposed individuals faced elevated risks of identity theft and phishing campaigns due to the sensitivity of the compromised data categories.