Another data broker leaves publicly accessible repository, leaks hundreds of thousands of personal records
Learn More
IMDataCenter, a Florida-based data broker specializing in "data append and enhancement solutions" (adding more information to an individual's data set), has been found leaking sensitive personal information via a publicly accessible repository.
The leak was discovered by cybersecurity researcher Jeremiah Fowler, who reported the findings to Website Planet.
The exposed repository contained 10,820 records totaling 38 GB of data, consisting primarily of CSV spreadsheets and PDF files containing personally identifiable information. The repository appeared to be used as a storage for client orders labeled as "reports" and "results,". The file names referenced multiple industries including insurance, solar energy, elections, automotive warranties, hospitals, and healthcare providers.
According to IMDataCenter's website, the company maintains a data library built from hundreds of verified public and proprietary sources, covering detailed information on over 260 million individuals and 130 million households. Their database includes 600 million email addresses, 550 million phone numbers (including 230 million mobile numbers), 153 million property records, 208 million deeds, and data on 75 million homeowners.
The exposed information included:
- Names
- Physical addresses
- Email addresses
- Phone numbers
- Lifestyle and ownership information
- Email validation reports with provider details and usernames
Fowler immediately sent a responsible disclosure notice to IMDataCenter, and the repository was restricted from public access very quickly. The company responded that "data security is really important to us" and confirmed they were working to secure the information immediately.
The number of individuals potentially affected by this exposure is difficult to calculate precisely, as each CSV document contained data from thousands of individuals across multiple marketing campaigns and client orders.
