A recent cyberattack has compromised the personal data of approximately 12 million Zacks Investment Research accounts. This breach, initially claimed to involve 15 million records, has been verified to affect slightly fewer accounts, following a detailed investigation. Zacks, renowned for its "Zacks Ranks" stock market analysis, has faced multiple data breaches over the years, with this incident marking a significant security lapse.

Details of the Zacks Data Breach

The latest breach is attributed to a cybercriminal known as Jurak, who claims to have accessed Zacks' systems in June 2024. This breach exposed sensitive customer information, including usernames, email addresses, full names, phone numbers, and physical addresses. The data has been circulated on online forums, raising concerns about the security of personal information.

Historical Breaches at Zacks

In previous incidents, Zacks suffered data leaks in 2023 and October 2024, affecting millions of records. The 2023 breach involved over 8.6 million records, with data dating back to May 2020. The October 2024 breach exposed 8,441 records, including email and physical addresses, phone numbers, and full names. These incidents highlight ongoing vulnerabilities within Zacks' cybersecurity framework.

  • June 2024 Breach: Exposed 12 million accounts with personal data.
  • 2023 Breach: Leaked 8.6 million records with data from May 2020.
  • October 2024 Breach: Compromised 8,441 records with detailed personal information.

Cybercriminals and Their Methods

The cybercriminal Jurak claims to have infiltrated Zacks' active directory as a domain administrator, gaining access to critical systems and source code. This breach, allegedly conducted in collaboration with another hacker, StableFish, underscores the sophisticated tactics employed by cybercriminals to exploit vulnerabilities in corporate networks.

Protective Measures for Affected Users

In the wake of such breaches, affected users should take immediate action to secure their accounts and personal information. Here are some recommended steps:

  • Check Vendor Advice: Follow specific guidance provided by Zacks regarding the breach.
  • Change Passwords: Update passwords with strong, unique combinations and consider using a password manager.
  • Enable Two-Factor Authentication (2FA): Use FIDO2-compliant devices for enhanced security.
  • Beware of Phishing: Verify the identity of any contacts claiming to be from Zacks.
  • Avoid Storing Card Details: Refrain from saving payment information on websites.
  • Set Up Identity Monitoring: Use identity monitoring services to detect illegal trading of personal data.

The link has been copied!