Major stock market data research provider Zacks Investment Research has disclosed that 820,000 individuals had their data compromised in a data breach from November 2021 to August 2022, reports The Record, a news site by cybersecurity firm Recorded Future.
Threat actors were able to access an older database with information, including names, phone numbers, home and email addresses, and passwords, from Zacks customers that signed up for the firm's Elite offering from November 1999 to February 2005, said Zacks in filings with the Maine Attorney General's Office.
Several security measures have already been implemented by Zacks, which urged customers to monitor their financial accounts for suspicious activity and replace the leaked passwords used on other sites.
Zacks has been criticized by KnowBe4's Roger Grimes regarding its lengthy process of notifying customers regarding the incident.
"A month to notify affected customers that their current passwords, which are often shared with other unrelated sites and services, seems a bit excessive. You would hope any breached company would notify affected customers within days and not take weeks to make an official announcement," said Grimes.