Morningstar Properties LLC disclosed a data breach after hackers gained unauthorized access to company systems in November 2025. The incident potentially exposed sensitive personal information belonging to employees, business partners, and customers, prompting the company to offer complimentary credit monitoring and identity restoration services.
Morningstar Properties LLC’s Data Breach Investigation
Morningstar Properties LLC announced a cybersecurity incident involving unauthorized access to portions of its network environment. According to the company’s notification letter, Morningstar identified suspicious activity occurring within its systems on or around November 13, 2025. In response, the company reportedly took some systems offline and initiated its incident response protocols to contain the activity.
Morningstar stated that it engaged independent cybersecurity specialists to investigate the incident and assess the security of its network. Federal law enforcement authorities were also notified as part of the company’s response efforts. The subsequent investigation determined that an unauthorized actor gained access to certain Morningstar systems between November 12 and November 13, 2025, before the company terminated the access.
During the period of unauthorized access, the threat actor may have viewed and/or obtained information stored on Morningstar’s systems. The company later conducted a comprehensive review to determine what specific information may have been involved and which individuals were potentially affected by the breach.
Morningstar noted that affected individuals include current or former employees, customers, and business partners who provided personal information during their relationship with the company. Although the notification letter references variable data fields identifying the exact information involved for each recipient, the company did not publicly disclose a full list of compromised data elements in the notice provided.
Cybersecurity incidents involving businesses that maintain employee and customer information can create significant risks for affected individuals. Data exposed during breaches may potentially be used for identity theft, financial fraud, phishing attacks, or unauthorized account access. Sensitive personal information, especially when combined with financial or identifying data, can remain valuable to cybercriminals long after the initial breach occurs.
Morningstar stated that it acted quickly after discovering the suspicious activity by securing systems, investigating the scope of the incident, and strengthening existing security measures and internal controls. The company also reported reviewing and enhancing its security practices to help prevent similar incidents in the future.
As part of its remediation efforts, Morningstar is offering affected individuals 12 months of complimentary credit monitoring and identity restoration services through Experian IdentityWorks. The offered services reportedly include credit monitoring, identity restoration assistance, fraud detection, daily credit monitoring alerts, and up to $1 million in identity theft insurance coverage for eligible losses.
The company encouraged affected individuals to remain vigilant by reviewing account statements and monitoring credit reports for suspicious activity. Consumers were also advised to obtain free annual credit reports, review them carefully for unauthorized accounts or inquiries, and contact the Federal Trade Commission, state attorneys general, or law enforcement if they detect signs of identity theft or fraud.
Data breaches involving unauthorized system access often raise questions regarding whether sufficient cybersecurity protections were in place to safeguard sensitive personal information. Companies that collect and maintain consumer and employee data may have legal obligations to implement reasonable security safeguards designed to prevent unauthorized access and data theft.
When personal information is exposed in a cybersecurity incident, affected individuals may face ongoing concerns about privacy, fraud risks, and identity theft. Consumers impacted by data breaches sometimes explore their legal rights and potential options for seeking compensation through class action litigation.
When Did This Breach Occur?
Morningstar Properties LLC reported that the unauthorized actor gained access to certain company systems between November 12, 2025, and November 13, 2025. The company stated that it identified suspicious activity on or around November 13, 2025, and promptly took systems offline to contain the incident.
What Information Was Breached?
According to Morningstar Properties LLC, the breach potentially involved personal information belonging to employees, customers, and business partners. The notification letter references variable data elements that may differ by recipient. Potentially exposed information may include:
- Names
- Personal identifying information
- Financial or account-related information
- Other sensitive personal information provided to Morningstar
What You Can Do
Individuals affected by the Morningstar Properties LLC data breach may want to take immediate steps to protect themselves from identity theft and fraud. Monitoring financial accounts, reviewing credit reports, and watching for suspicious transactions can help identify unauthorized activity early.
Affected consumers may also consider placing fraud alerts or credit freezes with Equifax, Experian, and TransUnion. Credit freezes can help prevent unauthorized individuals from opening accounts in your name.
Morningstar is offering complimentary credit monitoring and identity restoration services through Experian IdentityWorks for 12 months. Individuals who received a notification letter should carefully review the enrollment instructions and activate the offered protections before the deadline expires.
Consumers impacted by cybersecurity incidents may also want to learn more about their legal rights and options. Data breach victims are sometimes eligible to pursue compensation for losses related to identity theft risks, out-of-pocket expenses, and privacy concerns.
File a Data Breach Lawsuit Against Morningstar Properties LLC
If you received a data breach notification letter from Morningstar Properties LLC, you may be eligible to pursue compensation through a class action lawsuit. Data breach litigation may seek compensation for damages associated with identity theft risks, fraudulent activity, out-of-pocket costs, lost time, and loss of privacy.
Companies that store sensitive employee and customer information may have a legal responsibility to maintain reasonable cybersecurity safeguards to protect that data from unauthorized access. When those protections allegedly fail, affected individuals may have legal rights to seek accountability and financial recovery.
Many consumers do not realize they may qualify to participate in legal action after a data breach involving sensitive personal information. Understanding your rights can be an important step toward protecting yourself after a cybersecurity incident.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
