14 DAY TRIAL // DC-based publisher Kiplinger has alerted its customers that hackers stole their login, personal and, in some cases, financial information from the company's database.
The incident occurred on around June 25, but the company took two weeks to notify affected individuals because it waited for the results of an internal investigation.
The data breach affected around 142,000 paid subscribers of the monthly Kiplinger’s Personal Finance magazine and the company's various newsletters, The Kiplinger Letter, The Kiplinger Tax Letter or The Kiplinger Agriculture Letter.
"Part of the problem is we still don’t know exactly what the hackers got," Kiplinger director of new media Doug Harbrecht, told Bloomberg. "We had to find out as much information as possible before we could respond," he added.
The exposed information is said to contain user names and passwords, email addresses, contact information, including telephone numbers, and encrypted credit card data.
Harbrecht says the risk of identity theft is minimal, but the company wanted its customers to be informed of the incident nevertheless.
Considering that passwords were exposed, users are urged to change them on any website where they might have used them. Even if the hackers might not be able to perform identity theft and fraud directly, they might try to use the passwords on other accounts that contain more sensitive information, like PayPal or iTunes.
Password reuse is a major problem. Just last week we reported about a man who was sentenced to ten years in prison for using passwords he stole from non-critical websites to access his victims' online banking accounts.
Furthermore, knowing the relationship between subscribers and Kiplinger, attackers might craft phishing emails spoofing the company in an attempt to obtain more information from customers.
As far as the exposed credit card information goes, even if it is encrypted there is a slight chance it can be recovered. Therefore, the company advises everyone to contact their banks and replace their credit cards.