Morningstar Says Clients' Credit-Card Data May Have Been Leaked

Credit cards
Adam Gault | OJO Images | Getty Images

Investment-research firm Morningstar said personal information, including credit-card details, of about 2,300 users of its Morningstar Document Research service may have been compromised due to a security breach last year.

The incident on April 3, 2012 may also have led to the leakage of names, addresses, email addresses and passwords, the company said in a filing on Friday.

Morningstar Document Research, formerly 10-K Wizard, provides a global database and search tool for company filings.

An additional 182,000 clients who had email addresses and user-generated passwords on the system may also have been affected, Morningstar added.

"We have encouraged clients whose credit cards may have been compromised to monitor their credit reports and credit-card accounts," the research firm said.

The company has also sent notices to its clients asking them to reset their passwords.

Morningstar spokeswoman Margaret Cohen said the company became aware of the breach in late May and began informing clients in June. The matter became public on Friday when Morningstar released its 8K filing, which it does on the first Friday of every month, and uses as an opportunity to answer questions that have been posed to the company. In the filing, the company said the financial impact was minimal.