A reader sent this in with a note that a bunch of folks in his office received this email this morning:
Dear Morningstar client:
I am writing to make you aware that some of your personal information, including your name, address, email address, and password, may have been compromised because of an illegal intrusion into the Morningstar Document Research (formerly 10-K Wizard) system. We recently became aware that this intrusion occurred around April 3, 2012. Earlier this year, we shut down the old servers and moved the data to a more secure infrastructure as part of a migration plan unrelated to this issue. We have taken other steps to prevent unauthorized access to our systems to protect your information. We are also working with law enforcement officials and conducting our own investigations.
We sincerely apologize for any inconvenience this may cause you. For your protection, we have reset all passwords for Morningstar Document Research. The next time you access your account, you will be required to create a new password. Also for your protection, we strongly suggest you avoid using thesame passwords across multiple accounts and be alert to potential phishing scams.
Phishing is a scam where people receive email messages from individuals purporting to be the true company. These messages often ask for detailed personal or financial information and may contain a link asking you to “confirm your account.” Morningstar never solicits your detailed personal or financial account information in emails. You should not click on links or open attachments from suspicious email messages. You can report these scams to us, or to local law enforcement, the Attorney General, or the Federal Trade Commission (FTC). These entities can also provide additional information about how to protect yourself online. The FTC’s website is located at
http://www.ftc.gov/idtheft.Protecting the integrity of your information is of utmost importance to Morningstar. Again, we deeply regret any inconvenience this may cause you. I assure you that we are working diligently to protect your information and prevent this type of incident from happening again. If you have questions or require further assistance, please call us at 1-877-316-9552 or 1-312-384-4800, send an email to [email protected], or visit our website at http://documentresearch.morningstar.com/faq.pdf for answers to frequently asked questions.
Sincerely,
Chris Boruff
President
Morningstar Products Group
“Also for your protection, we strongly suggest you avoid using thesame passwords across multiple accounts and be alert to potential phishing scams.”
Or…make it so people cannot use the same password again, since that would make it especially easy for hackers to get back in the system and start this whole thing up again.