Unsecured data center exposes vast 38GB database, divulging multiple personal records publicly
In a concerning turn of events, IMDataCenter, a Florida-based data hygiene, enhancement, and append services provider, has reportedly leaked a 38 GB unsecured database containing over 10,000 records of sensitive personal information (PII). The exposed data includes names, addresses, phone numbers, emails, and more.
The exact responsibility for the exposed data—whether IMDataCenter directly managed it or a third-party contractor was involved—remains unclear [1][2]. The leaked database, which has since been shut down, was discovered by cybersecurity researcher Jeremiah Fowler, who found it to be unencrypted and non-password-protected [2][5].
The data exposure raises concerns as the platform managed by IMDataCenter boasts a data library spanning 260 million individuals, 130 million households, 600 million emails, and 550 million phone numbers [6]. The leaked data appears to be a storage repository for client orders labeled "reports" and "results," suggesting it may have been used for various purposes, including sales, marketing, and other activities across multiple industries [7].
IMDataCenter, a division of Brooks Integrated Marketing, offers a platform for marketing data improvement, including identity resolution, phone and email appending, Complete Integrated Marketing Append (CIMA), and more [6]. Fowler reached out to IMDataCenter to warn them about the leaking information, and the database was locked down soon after [2].
As of now, no evidence of abuse in the wild has been found, but the leaked data poses a potential risk to the individuals whose PII was included. The company acknowledged the importance of data security and is working to secure the information as soon as possible [8]. This incident underscores the importance of proper data security measures to protect sensitive personal information.
[1] Source for "It is unclear whether IMDataCenter directly managed the exposed data or if a third-party contractor was responsible" [2] Source for "The leaked database was discovered by security researcher Jeremiah Fowler" and "IMDataCenter acknowledged the issue and stated they were working to secure the data" [3] Source for "The leaked database included unencrypted, non-password-protected files totaling 38 GB with over 10,000 records containing personally identifiable information (PII)" [4] Source for "The leaked data may have been used for various purposes, including sales, marketing, and other activities across multiple industries" [5] Source for "The platform managed by IMDataCenter has a data library spanning 260 million individuals, 130 million households, 600 million emails, and 550 million phone numbers" [6] Source for "IMDataCenter is a division of Brooks Integrated Marketing" [7] Source for "Fowler reached out to IMDataCenter to warn them about the leaking information, and the database was locked down soon after" [8] Source for "The leaked data includes Personally Identifiable Information (PII) such as names, postal addresses, email addresses, phone numbers, and lifestyle or ownership information"
- Despite the lack of clarity on who specifically managed the leaked data, IMDataCenter, a marketing data improvement platform, has taken responsibility for securing the exposed, unencrypted personal information.
- Given the vast extent of data-and-cloud-computing within their services, including a data library comprising millions of individual and household records, the potential for widespread misuse of the leaked data is a grave concern for cybersecurity experts.
- As IMDataCenter also offers technology-driven solutions like identity resolution, phone and email appending, and Complete Integrated Marketing Append (CIMA), this incident serves as a reminder for companies in the gaming, finance, and other industries to prioritize cybersecurity measures when managing sensitive data.
