Image-I-Nation Technologies, Inc. is a technology and hosting company that provides background screening software and data services to consumer reporting agencies (CRAs). In late 2018, the company suffered a network intrusion that exposed personal data belonging to customers of its major CRA clients — Equifax, Experian, and TransUnion.

Image-I-Nation discovered the breach on December 20, 2018. Forensic investigation determined that the intrusion occurred between November 1 and November 15, 2018 — a two-week window during which attackers had access to systems containing sensitive consumer data. The company engaged an external forensic IT firm to investigate and improve security posture.

Exposed data potentially included first and last names, dates of birth, home addresses, and Social Security numbers. The exact number of affected individuals was not publicly disclosed, though the breach was reported to state attorneys general as required under applicable notification laws.

The incident is notable as a supply chain attack against the infrastructure underpinning the US credit reporting system. Rather than attacking Equifax, Experian, or TransUnion directly — all of which have significant security investments following the high-profile 2017 Equifax breach — the attacker targeted a smaller shared services vendor that held equivalent data and presented a softer target.

All three affected credit bureaus were notified by Image-I-Nation after the discovery. The breach was publicly reported in February 2019. Image-I-Nation Technologies contacted affected individuals and offered identity protection assistance.

The incident underscores a persistent pattern: major regulated institutions invest heavily in direct security controls while their vendor ecosystems — including hosting partners, background screening providers, and data processors — operate with far less scrutiny and often hold comparable access to the same sensitive consumer information.