Image-I-Nation Technologies Inc., a technology and hosting partner of major credit reporting agencies, has been hacked and consumer credit data stolen.

The company provides services to the likes of Equifax Inc. Experian Inc. and TransUnion Inc., the so-called “big three” U.S. credit agencies.

The hack was disclosed via recent regulatory filings in various states. The company said it had discovered “unauthorized access to our database containing the personal information of individuals who had a consumer report through our system at some point in the past” on Dec. 20. “Based upon our investigation, we have determined that the incident began on or about Nov. 1, 2018 and that our systems were secure as of Nov. 15, 2018.”

While claiming that it’s not aware of any misuse of information, Image-I-Nation did note that the data accessed may have included first and last names, dates of birth, home addresses and social security numbers. The size of the data stolen was not specified.

One of Imagine-I-Nation’s customers, Equifax, made headlines in 2017 after its systems were hacked. It was later revealed that consumer data relating 146.6 million people had been stolen. Potentially, Equifax data may have been stolen again via the Imagine-I-Nation hack.

Tim Mackey, senior technical evangelist at Synopsys Inc., told SiliconANGLE that the breach highlights just how little control individuals have over the security and location of their personal data – let alone the purpose for which the data might be used.

“Regardless of media coverage, it is highly unlikely that most people will pay attention to a data breach at Image-I-Nation Technologies considering they likely never directly did business with the company,” Mackey explained. “In essence this is a repeat of the shock consumers experienced with the Equifax breach in 2017 and which spurred in part the enactment of the California Consumer Privacy Act. Given the CCPA comes into effect in less than a year, it would be illustrative to look at this breach through that lens.”

Extolling the virtues of the CCPA, Mackey notes that it would force companies, such as Imagine-I-Nation, to notify consumers not only of a hack but any collected data they have on file.

“Upon request, the organization would be required to disclose in a human consumable format the collected data, the sources for the data, and the business purpose for both processing and sharing that data,” Mackey said. “In the event of unauthorized access to consumer data, including as a result of a data breach, the CCPA provides consumers the right to bring suit against the organization, including class-wide suits, and recover damages in an amount of not less than $100 per consumer per incident.”

Although the number of California consumers affected by the breach wasn’t disclosed, under CCPA it’s likely the potential civil suit would be substantial, Mackey added.

Photo: U.S. Army