Zacks Investment Research has confirmed that hacker attacks in 2021-2022 may have compromised data belonging to: 820,000 customers.
The company announced in a notice letter to users earlier this week that it discovered the breach on December 28, 2022.
“Zacks has learned that an unknown third party has obtained unauthorized access to certain customer records described below,” the company wrote. “We believe the unauthorized access occurred between November 2021 and August 2022.”
According to Zacks, the data theft affected an old database of Zacks customers who signed up for the Zacks Elite product between November 1999 and February 2005.
“The specific information we believe has been accessed is your name, address, phone number, email address, and password used on Zacks.com,” it said. Notice document.
“We have no reason to believe that customer credit card information, other customer financial information, or other customer personal information was accessed.”
The company added that it has already implemented additional security measures to prevent attackers from using stolen passwords to access compromised accounts.
“Zacks seems to be doing a lot of the right things to restore trust with its customers. I wonder if it took them three or four months to realize that.” said Roger Grimes, data-driven defense evangelist at KnowBe4.
“[Taking] Months to notify affected customers of their current passwords [were compromised], often shared with other unrelated sites and services, seems a bit excessive. “
Grimes also said Information security At the same time, there could always be extenuating circumstances, and maybe that’s why it took the company so long to figure out what happened so it could be communicated clearly and accurately to its customers. .
“Nevertheless, we hope that the compromised company will notify affected customers within days and an official announcement will not take weeks.”
Zacks breach notice comes days after American fast-food restaurant chain Five Guys Confirmed It was hacked last year.
