Morningstar recently began notifying its clients that the Morningstar Document Research (MDR) system was hacked on or around April 3, 2012, potentially exposing approximately 182,000 clients' first and last names, mailing addresses, e-mail addresses and passwords, along with approximately 2,300 clients' credit card numbers (h/t DataBreaches.net).
According to a FAQ [PDF file] regarding the breach, which was recently posted on Morningstar's Web site, none of the information was encrypted. "However, earlier this year, before we learned about this incident, we encrypted all credit card numbers in the MDR database," the FAQ states.
In response, the company has reset all passwords for Morningstar Document Research. "The next time you access your account, you will be required to create a new password," Morningstar Products Group president Chris Boruff noted in an e-mail to clients. "Also for your protection, we strongly suggest you avoid using the same passwords across multiple accounts and be alert to potential phishing scams."
All clients whose credit card information may have been compromised are being offered one year of free identity protection through Experian's ProtectMyID Alert program.
Clients with questions are advised to call (877) 316-9552.