BreachExchange mailing list archives

Investment Research Firm Morningstar Notifies Customers of Security Breach


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 20 Jun 2013 10:04:24 -0500

http://news.softpedia.com/news/Investment-Research-Firm-Morningstar-Notifies-Customers-of-Security-Breach-362049.shtml

Morningstar, an investment resource specializing in fund investing, has
started notifying customers that its Morningstar Document Research
(formerly 10-K Wizard) system was breached in early April 2012.

According to the letter sent to customers, obtained by
DataBreaches.net, names, addresses, email addresses and passwords may
have been compromised.

As a result of the breach, which was only recently discovered, all
Morningstar Document Research passwords have been reset.

“Earlier this year, we shut down the old servers and moved the data to
a more secure infrastructure as part of a migration plan unrelated to
this issue. We have taken other steps to prevent unauthorized access
to our systems to protect your information. We are also working with
law enforcement officials and conducting our own investigations,” the
letter reads.

On the other hand, if the breach really occurred over one year ago and
the letters started going out only on Tuesday morning, changing users'
passwords doesn’t do much good at this point.

A recent study has shown that, on average, companies believe they can
detect a data breach within 10 hours. Obviously, most of them are
overconfident in their capabilities.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/