IMA Diligence Services Notifies 525K on Legacy Server Breach

IMA Diligence Services has begun notifying more than 525,000 individuals that their personal information, business documents, and confidential files were stolen from a legacy server last year. The financial due diligence firm disclosed the breach in early June 2026 after the Genesis ransomware group claimed responsibility for the incident.

Public reporting indicates the compromised server contained a wide range of sensitive records accumulated over time. The exposed data includes names, contact details, financial identifiers, and proprietary business materials that had been stored on infrastructure no longer in active use. Available reporting describes the breach as originating from an unprotected legacy environment that was not fully decommissioned, allowing attackers to access and exfiltrate large volumes of information before detection.

For executives and high-net-worth families, the scale and nature of this incident represent a material risk. Clients of due diligence firms frequently include corporate leaders, investors, and family offices whose financial histories, transaction records, and personal identifiers carry elevated value on underground markets. Once such data surfaces, it can accelerate targeted fraud, spear-phishing campaigns, and physical security threats that extend beyond the individual to household members and business associates.

The doxxing and identity-chain implications are particularly concerning. Information stolen from a single due-diligence repository often links email addresses, phone numbers, physical addresses, and business relationships that attackers can cross-reference with other breaches. These connections allow adversaries to map an individual’s digital footprint, pivot to gaming accounts, social-media handles, or family-member profiles, and construct detailed dossiers used for extortion, account takeover, or public exposure. Credential leaks of this type frequently cascade into gaming-platform compromises, where children’s accounts become entry points for further identity chaining.

What to do

• Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity, then complete the no-subscription cleanup of exposed records.
• Enable continuous monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your data is identified and addressed within hours rather than months.
• Immediately rotate any password used at IMA Diligence Services or associated vendors wherever it has been reused, and enforce 2FA through an authenticator app on all accounts.
• Cover the entire household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often chain back to the same addresses and credentials.
• For executives and family offices, engage hands-on remediation specialists who can issue targeted takedown requests to data brokers and underground forums where the stolen files may appear.

Organizations and families that treat breach notifications as routine miss the accelerating speed with which stolen due-diligence data fuels follow-on attacks. A forward-looking approach requires both immediate credential hygiene and persistent visibility into how personal information propagates across the internet. DoxxScan by GalaxyWarden delivers that visibility through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts vulnerable to the same credential-stuffing chains seen in incidents like this one.

Source: SecurityWeek