Chicago-based investment research firm Morningstar announced that the personal data for tens of thousands of clients was compromised in an “intrusion” dating back to April 2012.
How many victims? 182,000.
What type of personal information? Names, street addresses, email addresses, passwords and credit card information of more than 2,300 people had been compromised. Additionally, approximately 182,000 email addresses were accessed.
What happened? An intrusion in April 2012 is thought to have compromised the Morningstar Document Research, formerly 10-K Wizard, which provides a global database and search tool to the company.
What was the response? Morningstar sent notices to clients to reset passwords and is offering 12 months of free identity protection to victims whose credit cards may have been compromised. Morningstar is also working with law enforcement and credit card companies.
Details: Morningstar suggests affected individuals monitor their credit reports and accounts while further steps are taken by the company to prevent unauthorized access and protect client information. Morningstar said the costs involved with addressing the issue have been negligible, and they expect no other products or services to be affected.
Quote: “At this point, we don’t have any evidence to suggest that any of the information that was compromised has been misused,” Morningstar said in a recent routine U.S. Securities and Exchange filing, which mentioned the breach.
Source: usatoday.com, Associated Press, Morningstar: Credit card info may have been leaked,” July 5, 2013.
[A previous version of this story was updated to reflect that Morningstar referenced the breach as part of a routine filing with the SEC. In addition, the headline was altered to avoid implying all 182,000 victims had their credit card data exposed].