Morningstar Inc., an investment research provider, said it recently found an illegal intrusion in its systems that could have comprised some personal information of its clients such as their credit card numbers, passwords and email addresses. The breach is said to have occurred around April 3.

According to Morningstar (previously known as 10-K Wizard) and in a filing to the Securities and Exchange Commission, approximately 2,300 people with credit card information stored with the company have been affected. Another 182,000 clients with email addresses and passwords could also be affected.

The company said it had shut off its old servers and moved information to a more secure system earlier, although the move is not related to the intrusion incident. Morningstar said it’s taken several extra steps to ensure client information is protected from illegal intrusions. The company is working alongside law enforcement officials and credit card companies while also doing their own investigation.

Morningstar has sent notices to all clients to reset their passwords. It’s also providing clients whose credit card information was compromised one-year free identity protection.

The company said there is no evidence that suggests the stolen information is being used illegally. It also said it does not think any of its other products had been affected.