BreachExchange mailing list archives
Investment Research Firm Morningstar Notifies Customers of Security Breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 20 Jun 2013 10:04:24 -0500
http://news.softpedia.com/news/Investment-Research-Firm-Morningstar-Notifies-Customers-of-Security-Breach-362049.shtml Morningstar, an investment resource specialized in fund investing, has started notifying customers that its Morningstar Document Research (formerly 10-K Wizard) system was breached in early April 2012. According to the letter sent to customers, obtained by DataBreaches.net, names, addresses, email addresses and passwords may have been compromised. As a result of the breach, which was only recently discovered, all Morningstar Document Research passwords have been reset. “Earlier this year, we shut down the old servers and moved the data to a more secure infrastructure as part of a migration plan unrelated to this issue. We have taken other steps to prevent unauthorized access to our systems to protect your information. We are also working with law enforcement officials and conducting our own investigations,” the letter reads. On the other hand, if the breach really occurred over one year ago and the letters started going out only on Tuesday morning, changing users passwords doesn’t do much good at this point. A recent study has shown that, on average, companies believe they can detect a data breach within 10 hours. Obviously, most of them are over confident in their capabilities. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Investment Research Firm Morningstar Notifies Customers of Security Breach Erica Absetz (Jun 20)