Cyber Incident Victim: IMA Diligence Services
Date: Dec 2025
Location: United States of America
Summary
IMA Diligence Services notified over 525,000 individuals that their personal information was compromised after attackers accessed a legacy server managed by a third party and exfiltrated files; the company identified the incident when the server became inaccessible. The stolen data included names, addresses, Social Security numbers, driver’s license numbers, financial account and credit card numbers, medical and health insurance information, passport numbers and taxpayer identification numbers. The breach was claimed by the Genesis ransomware group, which posted about stealing 700 gigabytes of data on its Tor leak site, and the company is offering affected individuals twelve months of free credit monitoring and identity restoration services.
Description
IMA Diligence Services identified the data breach in mid‑December after a legacy server managed by a third party became inaccessible. Upon discovery, the company notified law enforcement and commenced an investigation to confirm the nature and scope of the incident. Working with external cybersecurity experts, investigators determined that the attackers accessed the compromised server between December 8 and December 16, 2025. During that window, the threat actors exfiltrated certain files from the server. After reviewing the stolen data, IMA Diligence Services confirmed that the compromised information included names, addresses, Social Security numbers, and driver’s license numbers. The exfiltrated data also contained financial details such as account numbers and credit card numbers, as well as medical and health insurance information. In some cases, passport numbers and taxpayer identification numbers were among the stolen records.

IMA Diligence Services reported to the Indiana Attorney General’s Office that 525,306 individuals were affected by the breach. In response, the company began providing 12 months of free credit monitoring and identity restoration services to all impacted persons. While the breach notice did not name the threat actor, the Genesis ransomware group later claimed responsibility for the incident. The group added IMA Diligence Services to its Tor‑based leak site in late January, asserting that it had stolen approximately 700 gigabytes of data, including personal information, business documents, and confidential files.

IMA Diligence Services operates as a subsidiary of IMA Financial Group and offers financial consulting services for acquisitions, mergers, and other corporate transactions. The firm was founded in 2009 and was previously known as RedRidge Diligence Services.
