Zacks Investment suffers from a data breach.

It has been reported that Zacks Investment Research, a Chicago-based company specializing in financial data and stock analysis, has suffered a cyberattack resulting in the theft of sensitive information from approximately 12 million individuals. A message on a clandestine hackers' forum, according to information from BleepingComputer, reveals that the breach occurred in June 2024, allowing the attacker to access personal data including names, usernames, email addresses, postal addresses, and phone numbers.

The forum post also offered a sample of the stolen data set and a proposal to sell the entire set in exchange for a "small amount in cryptocurrency." During a conversation with the attacker, it was learned that they gained access to Zacks' Active Directory as a domain administrator, from where they extracted the source code of the main site along with 16 other assets. So far, Zacks has not responded to media inquiries for information.

Meanwhile, the platform Have I Been Pwned?, which collects email addresses exposed in data breaches, has added this new dataset to its database. However, the majority of these email addresses (93%) had already been exposed in previous incidents.

Zacks is not unfamiliar with cybersecurity incidents, as unauthorized access to certain customer records was discovered in December 2022, affecting approximately 820,000 individuals who had registered for the Zacks Elite product between November 1999 and February 2005. The exposed information included names, addresses, phone numbers, email addresses, and passwords from an older database.

Additionally, in June 2023, a dataset containing personal information of more than 8.8 million Zacks users appeared on a hackers' forum. This data, dated back to May 2020, included names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes.