NEW YORK (AP) — Morningstar Inc. says it discovered anillegal intrusion into its systems that
may have compromised some of itsclients’ personal information, including email addresses, passwords,and
credit card numbers.The Investment research provider said the breach took place around April
3.Theintrusion affected about 2,300 users whose credit card information wasstored in the Morningstar
Document Research system, formerly known as10-K Wizard. An additional 182,000 clients who had email
addresses anduser-generated passwords in the system may have been affected, thecompany said in a filing
with the Securities and Exchange Commission.Morningstarsaid it shut down old servers and moved data to a
more secure systemearlier this year in a move unrelated to the incident. It maintains ithas taken
additional steps to prevent unauthorized access to its systemsto protect client information. The company
said it is also working withlaw enforcement officials and credit card companies, as well asinvestigating
the incident on its own.Morningstar sent notices toclients and reset their passwords. It is offering 12
months of freeidentity protection to clients whose credit cards may have beencompromised."At this
point, we don’t have any evidence to suggestthat any of the information that was compromised has been
misused," thecompany said in the filing. It doesn’t believe any other Morningstarproducts were
affected.Shares of Morningstar Inc. closed Friday unchanged at $78.07.Copyright 2013 The Associated
Press.