A finance company worth around $1.5bn that employs 1,800 workers has disclosed a suspected cyberattack that compromised the personal data of around a thousand of its clients.
In further evidence of how victims of cybercrime can range far and wide, IMA Financial, based in Wichita, Kansas, disclosed the breach to the Attorney General in Texas, where the victims are located.
Compromised personally identifiable information included Social Security numbers, driver’s license details, passport numbers, credit card data, and medical records and insurance.
IMA reported the breach to authorities in Texas, where it is a legal requirement for affected businesses to do so, on April 25, disclosing that 941 residents of the Lone Star state had been affected.
According to its filing, as cited by law firm JD Supra, IMA detected “unusual activity within its computer network” last October, confirming that folders containing sensitive files were accessed by a suspected threat actor.
“Upon discovering that sensitive consumer data was made available to an unauthorized party, IMA Financial Group began to review the affected files to determine what information was compromised and which consumers were impacted,” said JD Supra.
IMA said it sent letters of notification to its clients on April 19, after completing an investigation to determine what data was affected the previous month.
More from Cybernews:
Subscribe to our newsletter