Image-I-Nation Breach Exposes Personal Information Data of Thousands

Published on February 14, 2019
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Image-I-Nation Technologies Inc. has announced that one of the databases containing the personal information of individuals who had a consumer report through their system at some point in the past has been breached. According to the official notice, the unauthorized access occurred between November 1 and 15, 2018. The data that was leaked includes customer names, dates of birth, home addresses, and their social security numbers. Image-I-Nation is providing hosting services to Equifax, Experian, and TransUnion, all engaged in the consumer credit reporting sector, so the customers that have had their information exposed are likely high-profile businesses and organizations.

The fact that attackers aimed for the hosting link of the chain are not a matter of random targeting but a specific focus on the weakest point that will yield the most prolific results. No matter what security precautions are applied in the three credit reporting companies, attackers could get their hands to their customers’ data anyway through Image-I-Nation. This indicates the importance of establishing a rigid security layer across the full data exchange chain, as a chain is as powerful as its weakest link.

Image_I_Nation_data_breach_notice

source: dojmt.gov

The IT team of Image-I-Nation only discovered the incident on December 20, and the fact that the particular database was found to be accessible by attackers for a period of two weeks is alarming. However, they claim that no misuse of the stolen personal information was detected. Currently, a forensic IT team is conducting further analysis and implements additional protection layers to prevent this incident from occurring again in the future. The credit reporting companies have also been informed accordingly, so that further action from their side may be taken.

Analysts point out that this breach is yet another characteristic example of how little control people have over the security of their personal data. Sharing your personal identification details with a company often means sharing it with a set of companies who collaborate with them, either in the context of business or technical infrastructure, so people don’t even know who holds their personal data, let alone manage and monitor their use. In this case, the law allows the compromised individuals to sue Image-I-Nation for mishandling their data but considering that most have never heard of this company it is unlikely to even pay attention to the news. What really needs to be done is to impose stricter regulations for the third parties who collect and manage data, forcing them to improve their security as they will risk not only their reputation but their assets as well.

Where do you stand on the above? Let us know of your opinion in the comments section beneath. If you want to get more fresh news like this one, check out our socials on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: