(Reuters) - Investment research firm Morningstar Inc
The incident on April 3, 2012 may also have led to the leakage of names, addresses, email addresses and passwords, the company said in a filing on Friday.
Morningstar Document Research, formerly 10-K Wizard, provides a global database and search tool for company filings.
An additional 182,000 clients who had email addresses and user-generated passwords on the system may also have been affected, Morningstar added.
"We have encouraged clients whose credit cards may have been compromised to monitor their credit reports and credit card accounts," the research firm said.
The company has also sent notices to its clients asking them to reset their passwords.
Morningstar spokeswoman Margaret Cohen said the company became aware of the breach in late May and began informing clients in June. The matter became public on Friday when Morningstar released its 8K filing, which it does on the first Friday of every month, and uses as an opportunity to answer questions that have been posed to the company. In the filing, the company said the financial impact was minimal.
(Reporting by Avik Das in Bangalore and Svea Herbst-Bayliss in Boston; Editing by Sreejiraj Eluvangal and Lisa Shumaker)