One of the biggest industry investment research firms, Morningstar, has come forward to announce that thousands of its customers' personal records – including credit cards – were hijacked during an intrusion that occurred three months ago.
The incident is documented as occurring on April 3, with the would-be hackers accessing the Morningstar Document Research System. It was in here that more than 2,000 different profiles – which included credit card information, email addresses, contact information and passwords – were believed to have been stolen.
In addition to these individuals, there were more than 180,000 other customers in the database that may or may not have had their information accessed by the thieves as well. The research firm has not released any specifications as to why some customers' data would have been stolen and why the remainder may or may not have been accessed.
In response to this event, the Morningstar firm had shut down the original servers on which this information was hosted and migrated it to a different server earlier this year – after the incident occurred but before it was discovered by the company. The firm also announced that it would be taking additional precautions to safeguard consumer data to avoid this type of occurrence in the future. Law enforcement agencies have been contacted and the company is working alongside them to discover the origins of this security breach, in addition to internal investigations to further identify potential areas of concern.
After the incident was identified, Morningstar contacted all of its customers to inform them of the situation and request that they change their account passwords. In order to protect their customers from any future malevolence, Morningstar has also agreed to offer every customer one full year of identity protection.
The company acknowledges that while some information was hijacked, no particular credit card information or identity theft has been reported as of yet, which may reassure worried customers who do regular business with Morningstar. In addition to this, the company reports that all of its other investment and research services appear to be secure and no incidents of theft or system compromise have been identified.