Investment Research Data Breach exposes 12 million customers


If there is one sector that has been surpassed Healthcare in data breaches And ransomware attacks, it’s finance.

Security incidents that influence financial institutions are increasingly occurring, whether they involve banks, fintech companies or investigations for investments.

The newest case includes Zacks, an American investment research company. A cyber criminal claimed To have stolen 15 million customer and customer records, but a separate study later confirmed the actual number at 12 million.

Stay protected and informed! Receive security reports and technical tips for experts – Register now for the Cyberguy report from Kurt

hacker

Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)

What you need to know

The Zacks Investment Breach came to light for the first time at the end of January 2025 when a hacker is known as “Jurak” on Breach forums claimed that they had already gained access to Zacks’ systems in June 2024.

According to De Hacker, they have obtained domain managers rights for the Zacks Active Directory, a critical network security component, so that they can steal the source code for Zacks.com and 16 other websites, including internal tools, together with user account data. The stolen information was then offered for sale on Hacker Forums, with examples offered for a small cryptocurrency payment to prove authenticity, as reported by Bleeping computer.

Further investigation confirmed that the infringement took place in June 2024, so that 12 million unique e -mail addresses and other personal data were uncovered. The fact that the attacker succeeded in getting domain management access, suggests a very advanced attack, which may use the vulnerabilities in Zacks’ network security.

This is not the first time that Zacks has suffered an infringement. Previous incidents include an attack from 2022 that joined an older Zacks -Elite product database from 1999 to 2005, as noted on Zacks’ own infringement.

threatening mail

Threat of actor’s post about breach forums. (Bleepingcomputer)

The hidden costs of free apps: your personal information

What information was compromised

The Zacks Investment Data Breach, confirmed by Have I PWNED (HIBP), has exposed a series of sensitive user information, causing the affected risky. The leaked data include e-mail addresses, IP addresses, names, telephone numbers, physical addresses, usernames and unsalted SHA-256 Shashed passwords.

This type of information can be misused for phishing, identity theft, reference filling, intimidation, sim exchange and even physical threats. Alarming, 93% of the leaked e -mail addresses were already exposed to earlier infringements, making recycled passwords an even bigger problem. The use of unsalted SHA-256 Hashes-albumen considered if outdated only contributes to the risk, making it easier for attackers to crack passwords and compromise accounts.

Despite the seriousness of the infringement, from February 2025, Zacks Investment Research does not yet have to release an official statement. The lack of transparency is disturbing, especially in view of the scale of the history of the infringement and zacks with security incidents.

What is artificial intelligence (AI)?

person on phone

A person scrolling on a phone. (Kurt “Cyberguy” Knutsson)

From Tiktok to Problems: how your online data can be armed against you

7 ways you can protect yourself after a data breach

1. Be careful for phishing attempts and use strong antivirus software: After a data breach, scammers often use the stolen data to make convincing phishing messages. These can come via e -mail, text or phone calls and pretend to be from trusted companies. Be extra careful about unsolicited messages with links that ask for personal or financial details, even if they refer to recent orders or transactions. The best way to protect yourself against malignant links is to have strong antivirus software installed on all your devices. This protection can also warn you about phishing -e -mails and ransomware -scam, so that your personal information and digital assets are kept securely. Buy my choices for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Get Fox Business on the Go by clicking here

2. Invest in the protection of identity theft: Given the exposure of personal data, such as names, addresses and order data, investing in identity theft protection services can offer an extra layer of security. These services check your financial accounts and credit report on signs of fraudulent activities, so that you will be warned early in potential identity theft. They can also help you freeze your bank and credit card defenses to prevent unauthorized use by criminals. See my tips and choose the best how you can protect yourself against identity theft.

3. Switch two-factor authentication (2FA) on accounts: Make it possible two -factor authentication Adds an extra security layer to your online accounts. Even if hackers get your login details, they do not have access to your accounts without the second verification step, such as a code sent to your phone or e -mail. This simple step can considerably reduce the risk of unauthorized access to sensitive personal information.

4. Update your passwords: Change passwords for all accounts that may be influenced by the infringement and use unique, strong passwords for each account. Consider a Password manager. Get more details about my Best Expert-Reviewed Password managers from 2025 here.

5. Remove your personal data from public databases: If your personal information is exposed in this infringement, it is crucial to act quickly to reduce your risk of identity theft and fraud. Although no service can guarantee the complete deletion of your data from the internet, a data removal service is really a smart choice. They are not cheap – and not your privacy. These services do all the work for you by actively monitoring your personal information and systematically erasing hundreds of websites. It is what gives me peace of mind and has turned out to be the most effective way to erase your personal data from the internet. By limiting the available information, you reduce the risk of scammers who are to refer data from infringements with information that they can find on the dark web, making it more difficult for them to focus. View my best choices for data removal services here.

Solid security error brings the most popular browsers to MAC

Kurt’s most important take -away restaurants

The infringement of the investment of Zacks emphasizes the realistic threat of cyber attacks for financial institutions. With millions of affected users and exposed personal data, the risks of fraud and identity theft are higher than ever. The fact that Zacks did not say much about the infringement only contributes to the uncertainty for the affected. As these types of attacks occur more often, it is more important than ever to stay informed of your online security – use unique passwords, keep an eye on your accounts and stay alert for signs of suspicious activities.

Click here to get the Fox News app

Should there be stricter regulations for how companies reveal breaches and protect customer data? Let us know by writing us Cyberguy.com/contact

For more of my technical tips and security warnings, subscribe to my free Cyberguy report newsletter by going to Cyberguy.com/newsletter

Ask Kurt a question or let us know what stories you want us to cover.

Follow Kurt on his social channels:

Answers to the most stretched Cyberguy questions:

New from Kurt:

Copyright 2025 cyberguy.com. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *