Morningstar said that personal data, such as credit card details, of around 2,300 users of the company’s Morningstar Document Research service have been compromised because of a security breach last year. The company said that the breach was made on April 3, 2012 that has resulted to the leak of names, addresses, email addresses and passwords. This was according to a filing made by the company Friday. It took the company a year to make the announcement after finding out about the breach.
Morningstar Document Research offers a worldwide database and search tool for company filings. An additional 182,000 users who had email addresses and user generated passwords found on the database may also be affected by the compromise. The company is still investigating whether other accounts were compromised.
The research firm said that they have encouraged their users whose credit cards could have been compromised to scrutinize their credit reports and credit card accounts. The company has already sent out notices to its clients that asked them to change their passwords. It is also providing 12 months of free identity protection to clients who had their credit cards compromised. Morningstar added that the costs of resolving the issue were minimal.
Morningstar said that there was no evidence that indicated the stolen data has been used illegally. The company added that no other products were affected by the breach. But if you are a client of other Morningstar products, it would be best to reset your password as soon as possible.
Morningstar spokeswoman Margaret Cohen said that the company learned about the breach late May and started informing its clients in June. The issue became public last Friday when the company released its 8K filing. Morningstar used it as an opportunity to answer questions that were asked by clients and its investors.