Zacks Investment Research data breach affects 820,000 clients

Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers.

Founded in 1978, the company helps investors with stock buying decisions by using advanced financial data analytics algorithms.

Zacks discovered the at the end of last year that some customer records had been accessed without authorization. An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022.

It is unclear if any data was stolen but the information exposed during the breach includes full names, addresses, phone numbers, email addresses, and user passwords for the Zacks.com website.

Such details would be valuable in the hands of phishing actors and scammers and might have made it possible for unauthorized users to access Zacks accounts and, by extension, any additional information stored on them.

It appears that the data set belongs to a specific set of customers. In the data breach notice delivered to affected individuals, the company clarifies that the incident impacted only customers of the Zacks Elite product that joined between November 1999 and February 2005.

Also, the investment research firm says it has no evidence that financial data has been exposed due to the security breach.

After learning about the breach, Zacks has initiated the password reset procedure for compromised accounts, forcing users to choose new credentials on their next login.

The company says that it also implemented extra security measures on the network and is actively working with an external cybersecurity specialist to develop and install additional protection systems in the immediate future.

Users impacted by this security incident are advised to remain vigilant against incoming communications, as scammers can now use their phone numbers and email addresses.

Also, those using SMS-based 2FA (two-factor authentication) to secure online investment accounts should switch to a different phone number or 2FA method, as the exposed data can be leveraged by SIM swappers to port the numbers on clone cards and take control of the protected accounts.