IMA Diligence Services Data Breach Lawsuit Investigation
Received a December 2025 breach notice from IMA Diligence?
Dapeer Law, P.A. is investigating a potential class action against IMA Diligence Services, LLC, a financial-services due diligence and risk management firm, on behalf of individuals whose personal information may have been exposed in the December 2025 cyber incident.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from IMA Diligence dated December 2025.
- Your letter offered enrollment in 12 months of free Cyberscout credit monitoring and identity restoration (TransUnion).
- You had personal information held by IMA Diligence in connection with its due diligence and risk management services.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On or about December 16, 2025, IMA Diligence Services, LLC learned that certain files stored on a legacy server managed by a third-party, since decommissioned, had become inaccessible. The company engaged third-party cybersecurity specialists to investigate. That investigation determined that an unauthorized actor had accessed the file server between December 8 and December 16, 2025 and acquired certain files containing personal information.
IMA Diligence then conducted a review to identify the affected information and the individuals it related to, and began mailing notice letters dated May 29, 2026, roughly five months after the incident was discovered. The company notified law enforcement, says it is reviewing its data storage and access policies, and is offering impacted individuals 12 months of complimentary credit monitoring and identity restoration through Cyberscout, a TransUnion company. The notice states that affected files contained each person's name together with additional personal information, with the specific data elements varying by individual.
Because IMA Diligence handles sensitive financial and personal data as part of due diligence and risk management work, individuals named in the exposed files may face an elevated risk of identity theft or fraud. The total number of people affected has not been disclosed in the public notice, though the company reported that approximately 1,464 Rhode Island residents may be impacted.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the enrollment code for credit monitoring and is important evidence if you decide to participate in a lawsuit.
Enroll in the free 12-month credit monitoring
Enroll in the Cyberscout (TransUnion) monitoring offered in your letter within 90 days of the letter date. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring IMA Diligence to implement stronger data security practices going forward.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from IMA Diligence. What should I do? +
Keep your IMA Diligence letter, which contains your enrollment code. Enroll in the 12 months of free Cyberscout (TransUnion) credit monitoring within 90 days, review your bank, credit-card, and insurance statements for unfamiliar activity, and consider placing a fraud alert or security freeze with the major credit bureaus. You may also wish to contact a data breach attorney to understand your legal options.
Am I eligible to join a class action against IMA Diligence? +
Individuals who received the IMA Diligence breach notice generally may qualify. Factors that can affect eligibility include your state of residence, the categories of personal information exposed in your case, and whether you have documented out-of-pocket costs or time spent responding to the incident.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
The public notice states that affected files contained each individual's name along with additional personal information, and that the specific data elements vary by person. Check your individual notification letter for the exact information involved in your case.
Did IMA Diligence offer free credit monitoring? +
Yes. IMA Diligence is offering 12 months of complimentary credit monitoring and identity restoration through Cyberscout, a TransUnion company. You must enroll within 90 days of your letter date. Enrolling does not waive your right to pursue a claim.
How many people were affected by the IMA Diligence breach? +
IMA Diligence has not publicly disclosed the total number of impacted individuals as of the May 29, 2026 notice, though it reported approximately 1,464 affected Rhode Island residents. This page will be updated as more is known.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
IMA Diligence filed its notice with the California Attorney General, where it is publicly available. Dapeer Law can also help you obtain a copy during a free consultation.
Sources & references
- Official breach notice filing · California Attorney General, Notice of Data Event (PDF)
- Company · IMA Diligence Services, LLC (imadiligence.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
