Hackers breached Zacks Investment Research and gained access to personal informa...
Zacks Investment Research, a company founded in 1978 that helps investors with stock buying decisions using advanced financial data analytics algorithms, recently suffered a data breach that affected 820,000 customers. The incident occurred between November 2021 and August 2022, but it was not discovered until the end of last year. The investigation revealed that a threat actor had gained unauthorized access to the company's network and customer records, including full names, addresses, phone numbers, email addresses, and user passwords for the Zacks.com website.
The type of information exposed in this data breach can be valuable for phishing actors and scammers, as it can be used to access Zacks accounts and any additional information stored on them. However, the company clarified that the incident only impacted customers of the Zacks Elite product who joined between November 1999 and February 2005, and that there is no evidence that financial data was exposed.
After discovering the breach, Zacks initiated a password reset procedure for compromised accounts and implemented additional security measures on the network. The company is also working with an external cybersecurity specialist to develop and install more protection systems in the future.
It's important for customers who were impacted by this incident to remain vigilant against incoming communications, as scammers can now use their personal information to conduct phishing attacks. Additionally, those using SMS-based 2FA to secure online investment accounts should switch to a different phone number or 2FA method, as the exposed data can be leveraged by SIM swappers to port the numbers on clone cards and take control of the protected accounts.
It's also worth mentioning that this [data breach](http://www.documentcloud.org/documents/23586688-1-24-2023-maine-sample-notice?responsive=1&title=1) highlights the importance of monitoring and securing sensitive data, especially for companies that deal with financial information. As data breaches continue to occur at an alarming rate, companies should take proactive steps to protect their networks and customer data, such as implementing robust security measures, conducting regular security audits, and providing employee training on cybersecurity best practices.
Furthermore, companies should also consider implementing a incident response plan, which is a set of procedures and guidelines for identifying, responding, and reporting data breaches. This will enable them to quickly detect and respond to security incidents, minimize the damage caused, and ensure compliance with relevant regulations.