Zacks Investment Research data breach affects 820,000 customers

Last year, hackers hacked into Zacks Investment Research (Zacks) and gained access to personal and sensitive information belonging to 820,000 customers.

Founded in 1978, the company helps investors make stock purchase decisions using advanced financial data analysis algorithms.

Zacks discovered late last year that some customer records had been accessed without permission. An internal investigation into the incident determined that a threat actor gained access to the network between November 2021 and August 2022.

It’s not known if any data was stolen, but the information exposed in the breach includes the full names, addresses, phone numbers, email addresses, and passwords of Zacks.com website users. .

Such details would be valuable in the hands of phishers and scammers and could have given unauthorized users access to Zacks accounts and, by extension, any additional information stored on them.

It looks like the dataset belongs to a specific set of customers. In the data breach notice provided to affected individuals, the company clarifies that the incident only affected customers of the Zacks Elite product who joined between November 1999 and February 2005.

Additionally, the investment research firm says it has no evidence that any financial data was exposed due to the security breach.

“We have no reason to believe that the customer’s credit card information, any other customer financial information, or any other personal customer information was accessed.” – Zacks Data Breach Notification

After learning of the breach, Zacks initiated the password reset process for compromised accounts, requiring users to choose new credentials the next time they log in.

The company says it has also implemented additional security measures on the network and is actively working with an external cybersecurity specialist to develop and install additional protection systems in the immediate future.

Users affected by this security incident are urged to remain vigilant of incoming communications, as scammers can now use their phone numbers and email addresses.

Additionally, those using 2FA (two-factor authentication) via SMS to secure online investment accounts should switch to a different phone number or 2FA method, as exposed data can be exploited by exchanges. SIM cards to transfer numbers to clone cards and take control. protected accounts.


Source link