IMA Diligence Services this week confirmed it notified 525,306 people of a December 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Health insurance info
- Medical info
- Financial account info
- Driver’s license numbers
- Passport numbers
- Taxpayer ID numbers
A cybercriminal group called Genesis took credit for the breach in January 2026. On its data leak site, the ransomware gang said it stole 700 GB of data from IMA Diligence.
IMA has not acknowledged Genesis’ claim and Comparitech cannot independently verify it. We do not know how attackers breached IMA Diligence’s network, if the company paid a ransom, or how much Genesis demanded. Comparitech contacted IMA for comment and will update this article if it replies.
“On or about December 16, 2025, IMA Diligence became aware of suspicious activity on a legacy server hosted by a third-party, which is now decommissioned and no longer in use,” says IMA’s notice to breach victims. “It was determined that an unauthorized actor had accessed this file server and acquired certain files.”
The company is offering breach victims 12 months of free credit monitoring through Cyberscout. The deadline to enroll is 90 days from the date on the breach notification letter.
Who is Genesis?
Genesis is a ransomware group that started claiming responsibility for attacks on organizations in October 2025. Its malware both steals data and locks down computer systems. Genesis then demands payment to destroy stolen data and restore infected systems.
The group has claimed responsibility for 76 ransomware attacks in total. Of those, 10 have been confirmed by the targeted organizations. This attack on IMA is Genesis’ first on a financial firm.
Some of Genesis’ other confirmed attack claims include:
- 4 healthcare providers: River City Eye Care, Community Health Action of Staten Island, Stockton Cardiology Medical Group, and CarePoint Health
- Two local governments: Upper Township, NJ and Hart, MI
- Food and beverage retailer Healthy Living
- The National Association on Drug Abuse Programs
Ransomware attacks on US finance
Comparitech researchers logged 70 confirmed ransomware attacks on US finance firms in 2025. Those attacks compromised more than 2 million personal records.
This attack on IMA is the largest such attack by far by number of records compromised. In a distant second is Akira’s attack on Wakefield & Associates, which notified 371,577 people of a January 2025 breach. Check City notified 322,687 of a Clop attack in March 2025, and American Lending Center notified 123,158 of a ransomware breach in July 2025.
In 2026, we’ve recorded nine more confirmed attacks on US finance firms compromising 166,000 records. They include Beacon Mutual Insurance, which notified 162,439 people of a January 2026 data breach claimed by Inc Ransomware.
Ransomware attacks on financial firms can both steal data and lock down computer systems. Once infected, the attacker then demands a ransom to delete stolen data and restore systems. Companies that refuse to pay can face extended downtime, permanent data loss, and putting customers at increased risk of fraud.
About IMA Diligence Services
IMA Diligence Services, formerly RedRidge Diligence Services, is a financial consultant that advises lenders, investors, and corporations on mergers, acquisitions, and other big transactions. It is a a subsidiary of IMA Financial Group. The company was founded in 2009 and is based in Chicago. Its website says IMA Diligence’s clients include a life insurance company serving more than 100,000 members, a secured debt fund with nearly $10 billion in invested capital, a publicly traded communications and electronics distributor, and a family-owned scrap metal recycling company.