Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
NHI, AI & IAM Breac...
Zacks Investment Re...
 
Notifications
Clear all

Zacks Investment Research Breach Exposes Data of 12 Million Users

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter 18/12/2025 9:35 am  

Executive Summary

In February 2025, the cybersecurity world faced yet another wake-up call, this time targeting Zacks Investment Research, a prominent investment analysis firm. A hacker known as “Jurak” claimed responsibility for a massive data breach that exposed sensitive information belonging to 12 million users. The breach occurred when Jurak exploited vulnerabilities in Zacks’ Active Directory, gaining domain administrator account privileges. This level of access allowed the hacker to steal critical source code from Zacks’ primary website and multiple internal applications, exposing backend logic, API keys, and customer credentials. The scale of this incident raises serious concerns about identity theft, credential stuffing, and financial fraud, highlighting Zacks’ ongoing struggles with data security.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • February 2025: Zacks Investment Research confirms the data breach affecting 12 million users.
  • Jurak claims responsibility, outlining methods used to infiltrate Zacks’ systems.
  • Immediate investigations are launched to assess the damage and secure systems.

Data Compromised

  • Customer data including names, email addresses, and financial information were exposed.
  • Source code and API keys from Zacks’ primary website and 16 applications were stolen.
  • Credentials for user accounts were at significant risk, leading to potential identity theft.

Impact Assessment

  • The breach affects approximately 12 million Zacks customers, posing high risks of identity theft and financial fraud.
  • Reputational damage to Zacks as customers lose trust in their data security measures.
  • Potential regulatory scrutiny and legal consequences due to failure in safeguarding sensitive information.

Company Response

  • Zacks initiated a thorough investigation to determine the extent of the breach and mitigate further risks.
  • Enhanced security protocols and measures are being implemented to protect user data.
  • Communication with affected users is prioritized to help mitigate risks and provide support.

Security Implications

  • This incident underscores the critical importance of securing Active Directory environments against unauthorized access.
  • Organizations must invest in robust cybersecurity measures to prevent breaches of this magnitude.
  • The breach highlights the need for ongoing employee training on cybersecurity best practices.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.



   
Quote
Topic Tags
Data Breach Cybersecurity Investment Research Identity Theft Zacks Investment Research
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Data Breach (90) , Cybersecurity (347) , Investment Research (1) , Identity Theft (4) , Zacks Investment Research (1) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.