A supply chain data breach detected at Image-I-Nation has reportedly impacted customers of some of the major credit agencies.
The supply chain data breach was experienced by Image-I-Nation Technologies, Inc., which provides hosting services and software to consumer reporting agencies like Equifax, Experian and TransUnion. As per reports, this breach might have resulted in users’ personal data being exposed for at least two weeks in November last.
A breach notification filed by Image-I-Nation with the Montana Department of Justice reads, “On December 20, 2018, Image-I-Nation Technologies discovered that there had been unauthorized access to our database containing the personal information of individuals who had a consumer report through our system at some point in the past. Based upon our investigation, we have determined that the incident began on or about November 1, 2018 and that our systems were secure as of November 15, 2018.”
It further says, “While we are not aware of any misuse of your personal information, we have determined that your personal information was hosted within our database during the time of the incident.”
Image-I-Nation Technologies, Inc., which is owned by FRS Software, has revealed that investigations indicate that impacted data could include first and last names, dates of birth, home addresses, and Social Security numbers.
An investigation has been initiated by Image-I-Nations Technologies immediately after the breach was discovered. The investigation seeks to determine the cause of the incident and also to assess the extent of its impact. A forensic IT firm, intending to conduct an analysis as well remediation of the company’s system has also been started. A review of the company’s internal data management and protocols, followed by an implementation of enhanced security measures has also been done. This is to help prevent further breaches from happening.
“We are also notifying the three major credit bureaus, Experian, Equifax and TransUnion, to advise them that your personal information may have been improperly accessed and that they should take appropriate action”, says the breach notification, which has been signed by Phil Chapman, President, Image-I-Nation Technologies, Inc.
Security experts and analysts feel that the Image-I-Nation breach is a pointer to the fact that hackers have now started eying and targeting the supply chain to steal data from such large organizations and corporate firms. It also reiterates the fact that organizations should perform comprehensive risk assessments of their supply chain partners. Continuous monitoring is also needed as it helps detect and fix security vulnerabilities promptly.
Image-I-Nation has also attached to the breach notification a copy of the Federal Trade Commission’s “Information About Identity Theft Prevention” reference guide, which includes additional guidelines for users to ensure better protection.