Cybersecurity researcher Jeremiah Fowler discovered a major data leak at IMDataCenter, exposing a 38GB database with 10,820 records containing personally identifiable information (PII) such as names, addresses, phone numbers, email addresses, lifestyle details, and vehicle ownership. The data was left unprotected on the internet, posing significant risks for identity theft and fraud. Additionally, a hacker known as ThinkingOne accessed IMDataCenter’s AWS bucket, downloading 40GB of data, including 20 million email addresses, 37 million phone numbers, and sensitive details like Social Security Numbers. The breach affects clients across healthcare, airlines, universities, and other sectors, with the data already downloaded by at least one third party.
Source: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
TPRM report: https://www.rankiteo.com/company/im-datacenters
"id": "im-356080725",
"linkid": "im-datacenters",
"type": "Breach",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Over 260 million individuals '
'and 600 million email addresses',
'industry': 'Data Services',
'location': 'Florida, USA',
'name': 'IMDataCenter',
'type': 'Data Solutions Provider'}],
'attack_vector': 'Misconfigured Database',
'data_breach': {'data_encryption': 'No',
'data_exfiltration': 'Yes',
'file_types_exposed': 'CSV, PDF',
'number_of_records_exposed': '10,820 records initially, later '
'expanded to 20 million unique '
'email addresses and 37 million '
'phone numbers',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'PII, names, physical addresses, '
'phone numbers, email addresses, '
'lifestyle information, home or '
'vehicle ownership, Social '
'Security Numbers, dates of '
'birth'},
'description': 'Cybersecurity researcher Jeremiah Fowler discovered a major '
'data leak at a Florida-based data solutions provider, '
'IMDataCenter. The leak exposed a massive database containing '
'personal details of users and client companies.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personally Identifiable Information (PII), '
'names, physical addresses, phone numbers, '
'email addresses, lifestyle information, home '
'or vehicle ownership, Social Security '
'Numbers, dates of birth',
'identity_theft_risk': 'High',
'systems_affected': 'Database with CSV and PDF files'},
'initial_access_broker': {'entry_point': 'Misconfigured AWS bucket'},
'investigation_status': 'Ongoing',
'motivation': 'Unknown',
'post_incident_analysis': {'corrective_actions': 'Securing the database',
'root_causes': 'Misconfigured database without '
'password protection or encryption'},
'references': [{'source': "Jeremiah Fowler's blog post"},
{'source': 'Hackread.com'}],
'response': {'containment_measures': 'Database restricted from public access',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'Unknown',
'title': 'Data Leak at IMDataCenter',
'type': 'Data Leak',
'vulnerability_exploited': 'Unsecured Database'}