Imavex Data Breach
What happened
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form. The compromised system was subsequently sunset in January 2024 and all customer data impacted by the incident was permanently deleted.
Exposed data
Recommended actions
- Change your Imavex password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Imavex โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.