Contact

August Breach

Last Updated: November 19, 2021

On August 20th, an attacker was able to gain privileged access to one of our systems. Using this access, they were able to obtain a copy of one of our production databases. This copy has been published on various hacker forums.

It is possible that some of your personal data is included in the database leak. This could include your name, email address, mailing address, phone number, password material, and/or the last 4 digits and expiration date of a credit card number. Our systems do not store plaintext passwords nor full credit card numbers.

We are performing audits of current server configurations and amending our standard practices to help prevent similar incidents from occurring in the future. We are also making every attempt to contact those whose information is contained in the leaked data.

You should immediately change your password both on any Imavex-hosted service as well as anywhere that you have used the same password.

Please note that Imavex will not ask for sensitive information and/or any form of payment from you; should you receive such a request please do not provide the information and notify us and/or the authorities immediately. 

Email

reportsecurityvulnerbility@imavex.com

Phone (Call/Text)

(317) 576-3638

Stay Informed

If you wish for us to retain your information we will be happy to inform you should additional information and/or resources become available.

6 + 13 =

FAQ’s

FAQ

General Information

In response to the questions received regarding the data breach occurring in August 2021, we have included answers to the most frequently asked questions.  Please note, for additional security and safety, this includes the entirety of the information we are able to disclose at this time.

Who is Imavex and why do you have my information?
Imavex is a website development agency.  Information in regard to the breach may have been the result of a visitation and/or membership associated with a website Imavex developed on behalf client(s), be it current or past. 
How do I know what email account was associated?
It is suggested you change the password of the email associated with receipt of your notification of aforementioned breach.  However, we have created a quick utility to help you determine which email was included in the stolen information.
What information was exposed?

It is possible that some of your personal data is included in the database leak. This could include your name, email address, mailing address, phone number, password material, and/or the last 4 digits and expiration date of a credit card number. Our systems do not store plaintext passwords nor full credit card number.

Are you offering a credit service?
We are not offering credit monitoring at this time. We encourage those who discover that their information has been misused to report it to the FTC, using IdentityTheft.gov. IdentityTheft.gov will create an individualized recovery plan, based on the type of information exposed. And, each report is entered into the Consumer Sentinel Network, a secure, online database available to civil and criminal law enforcement agencies.
 
If you wish for us to retain your information we will be happy to inform you should additional information and/or resources become available. 
I was notified by LifeLock about my email address Why?

Imavex has been provided services to a number of clients throughout the years.  Your email address at one time was associated with one of those clients.  We are asking that everyone associated with any clients we currently have or had in the past change their passwords for security purposes.

How did imavex get my email address?

Imavex has been provided services to a number of clients throughout the years.  Your email address at one time was associated with one of those clients.  We are asking that everyone associated with any clients we currently have or had in the past change their passwords for security purposes.

Is it possible to know which websites were impacted in the August breach?

Unfortunately, we are not able to match your username with the website you were registered with at this time.  

What Can I Do Next?

Ask each credit bureau to send you a free credit report after it places a fraud alert on your file. Review your credit reports for accounts and inquiries you don’t recognize. These can be signs of identity theft. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and get recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly. 

You may also want to consider placing a free credit freeze. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identity thief can open new accounts in your name. To place a freeze, contact each of the major credit bureaus at the links or phone numbers above. A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it. 

For further information including recommended steps, visit FTC’s website, IdentityTheft.gov/databreach, about steps you can take to help protect yourself from identity theft. The steps are based on the types of information exposed in this breach.

(317) 576-3638

reportsecurityvulnerbility@imavex.com