Kiplinger Washington Editors Inc., the publisher of Kiplinger’s Personal Finance, warned customers that hackers breached its computer network at least as early as June 25 and stole account data, including credit card numbers.
Doug Harbrecht, the company’s director of new media, said the attackers stole user names, passwords and encrypted credit card numbers from as many as 142,000 subscribers to the magazine or the company’s various newsletters, including the Kiplinger Letter.
Harbrecht said the two-week delay in notifying customers resulted from efforts to understand the extent of the break-in by “an unidentified third party,” as the Kiplinger website described the intruders. He said the company notified the Federal Bureau of Investigation and is working with the agency on a probe of the incident.
“Part of the problem is we still don’t know exactly what the hackers got,” Harbrecht said in a phone interview. An e- mail sent to Kiplinger customers said the hacker may have accessed e-mail addresses as well as other personal information.
“We had to find out as much information as possible before we could respond,” Harbrecht said.
The attack against the personal finance publisher is the latest in a growing cyber crime-wave that has victimized companies including Lockheed Martin Corp., Citigroup Inc., Sony Corp. and the television network PBS.
In some cases, the cyber-thieves have taken financial information that could be used in fraud. In others, like the hack of e-mail marketing company Epsilon Data Management LLC., they gained access to millions of customer e-mail addresses that security experts warned could be used for identity theft.
Harbrecht said Kiplinger believes the risk of identity theft is small because of the limited information accessed by the intruder. The type of data that he said was apparently stolen by the intruder, including e-mail addresses and contact information such as telephone numbers or addresses, is sometimes used in so-called phishing scams to gain more valuable data or for identity theft.
While the credit-card numbers were encrypted, Harbrecht said that encryption in rare cases can be broken. Kiplinger is advising customers to call their banks and replace the card numbers, he said.
“We think the risk level is minimal,” Harbrecht said. “We just want people to know we got hacked.”
To contact the reporter on this story: Michael Riley in Washington at michaelriley@bloomberg.net
To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net
