Kiplinger Security Breach

We have discovered a hacker attack on our database that resulted in an unidentified third party gaining unauthorized access to customer information. When we discovered the attack, we took immediate steps to stop the attack and prevent further breaches and we have notified affected customers and law enforcement. We are continuing to monitor the situation closely and will post updated information as it becomes available.

FAQs

What was affected by the data breach?

Customer information of online subscribers of and others who have used our Web site to purchase print subscriptions or editions of these Kiplinger publications: Kiplinger’s Personal Finance magazine, The Kiplinger Letter, The Kiplinger Tax Letter, The Kiplinger Agriculture Letter, Kiplinger’s Retirement Report, Kiplinger’s Retirement Planning, Kiplinger’s Mutual Funds, and Kiplinger’s Success With Your Money.

What type of information was compromised?

The database that was attacked included customer contact information, e-mail addresses and passwords. In some cases, encrypted credit card numbers were also accessed.  An investigation  by outside forensic experts suggests that the hackers did not target customer names and addresses.  

How do I know if my credit card number is in jeopardy?

Customers whose credit card information was in the database have received individual notification of that fact. Note that neither card security codes nor expiration dates were stored in the database that was attacked.  

 Do I need to change my credit card information?

If you received the notice that credit card information may have been accessed, note that the card number was stored in an encrypted format to prevent unauthorized access or misuse. Nevertheless, there is a possibility that a persistent attacker may be able to crack the encryption and get access to your card number and expiration date. To protect yourself from fraudulent activity on your account, we recommend that you contact your card issuer and request a new card. 

We also recommend that you regularly review activity on your credit card accounts and report any fraudulent activity to the card issuer.

How do I know which of my credit cards you had in your records?

Send an e-mail to Contact-Kiplinger@kiplinger.com and request that information. We will be able to provide the type of card (Visa, MasterCard, American Express, etc.) and the expiration date of the card we have on record. If you need additional help (such as the last four digits of the card), you’ll need to authorize us to decrypt the number and provide that information. (Note: Although the credit card information has been removed from our servers, we are maintaining it in an off-line file in order to assist customers in identifying the credit card number we had on file.

Do I need to change my e-mail address?

No.

Do I need to change my password?

That depends.

If you are an online subscriber, your Kiplinger password only allows access to your on-line publications, not to personal data. Therefore, it is not necessary to change your password. However, if you wish to do so, visit https://www.kiplinger.com/gateway/customerservice/sbchangepass.html.

If you use the same or a similar password on sites on which you store sensitive information, however, we recommend that you change your password on those sites.

When did the data breach occur?

We discovered the attack on June 25, 2011. We took immediate steps to stop the attack and promptly began a forensics investigation to determine the nature of the information that was accessed.  

Have you reported the attack to law enforcement?

Yes. We have reported the incident to the Federal Bureau of Investigation and are cooperating with its investigation.

How will I know if my personal information has been compromised?

 At this time, we are not aware that any of the accessed information has been misused.  However, we have notified all customers whose personal information was stored in the database and suggested steps they can take to protect themselves. 

What should I do to protect myself?

We recommend that you do the following:

·         If you received a notice that your credit card information was stored in our database, we recommend that you notify your card issuer and request a new card number;

·         Regularly review activity on your credit card accounts and report any fraudulent activity to the card issuer;

·         If you are an online subscriber and use the same e-mail address and password for accounts that contain sensitive information, we suggest that you change your password on those sites. Because your password grants access only to our publications, not sensitive personal data, it is not necessary to change your Kiplinger password. However, if you wish to do so, visit  https://www.kiplinger.com/gateway/customerservice/sbchangepass.html.

·         Remain alert to any unusual or suspicious e-mails and be very cautious when opening links or attachments from unknown senders.

Although it is highly unlikely that the information accessed in our database could lead to identity theft – for example, we did not have customer Social Security numbers or dates of birth – if you’re interested in  information about protecting yourself from identity theft, visit the Federal Trade Commission’s identity theft Web site at www.ftc.gov/bcp/edu/microsites/idtheft/.

What steps is Kiplinger taking to protect against future breaches?

We continue to monitor the situation closely and will adopt procedures and practices to minimize the risk of further incidents. We have changed our ordering procedures and will no longer store customer credit card numbers on our servers.

Whom should I contact for more information?

You can contact us at Contact-Kiplinger@kiplinger.com if you have more questions.