Financial Sector Security Intelligence

Charlottesville Settlement Company (CSC) experienced a data security incident where an unknown actor gained unauthorized access to their network on September 2, 2025, potentially accessing and acquiring files containing personal information. The incident was discovered on September 4, 2025, and CSC determined on March 10, 2026, that personal information, including name and other unspecified data elements, may have been involved. CSC is offering complimentary credit monitoring and identity theft protection services through IDX.

Financial Factors, Inc. (FFI) experienced an incident involving unauthorized access to a FFI computer via remote access software. The breach occurred between October 24, 2025, and February 6, 2026, with the potential exposure of personal information for one Maine resident, including their name, Social Security number, driver's license or other identification document, and financial account information. FFI reset the computer and reinstalled the operating system to remediate the issue and is offering credit monitoring services through Kroll to the affected individual.

Marquis Software Solutions, a marketing and communications vendor for financial institutions, experienced a data security incident on or around August 14, 2025, when an unauthorized third party accessed their network and may have copied certain files. The incident was limited to Marquis's systems and did not affect their customer's systems. The investigation determined that files containing personal information were accessed. Marquis is offering affected individuals a complimentary membership to Epiq Privacy Solutions ID for identity protection services.

Kerkering, Barberio & Co. (KB), a CPA firm, experienced a cybersecurity incident discovered on May 27, 2025, where an unauthorized user gained access to four email accounts. A forensic investigation revealed that some KB files were obtained by the unauthorized actor. The incident potentially exposed individuals' addresses, email addresses, Social Security Numbers, and full names. KB has taken steps to secure its systems, including disconnecting affected email accounts and enhancing security measures. They are offering 12 months of complimentary credit monitoring and identity theft protection services to affected individuals. The disclosure date for this incident was March 13, 2026.

MetroWest Community Federal Credit Union experienced a data breach where unauthorized access to certain systems and copying of files occurred on September 3, 2025, after suspicious activity was detected on September 1, 2025. The investigation, completed on January 12, 2026, revealed that names, Social Security numbers, financial account numbers, routing numbers, and payment card numbers may have been accessed. The credit union has notified affected individuals, including 132 Maine residents, and is offering two years of free credit monitoring through Experian. They have also notified the FBI and are implementing additional security measures and employee training.

Banner Capital Bank disclosed a data breach on March 6, 2026, stemming from suspicious activity on an employee email account. An unauthorized person may have accessed the account between August 20, 2025, and September 11, 2025. The investigation determined that personal information, specifically the name and financial account number of two Maine residents, was potentially accessed. The bank stated that no other bank systems were affected, no customer account balances were accessed, and no funds were transferred. Notifications were mailed to affected individuals, and a call center was established for inquiries. Banner Capital Bank is enhancing its email security to prevent future incidents.

Maniscalco Wealth Management Ltd. (MWM) experienced a data breach due to unauthorized access to an employee's email account between October 23, 2025, and October 30, 2025. The investigation, completed on February 18, 2026, revealed that personal information, including Social Security numbers and financial account information, of one Maine resident was compromised. MWM disclosed the breach on March 6, 2026, and is offering affected individuals one year of free credit monitoring services through TransUnion, along with guidance on identity theft protection and credit file security.

EP Wealth Advisors, LLC disclosed a data breach on February 2, 2026. The company stated there is no indication that the data involved has been publicly disclosed, or that fraud or misuse of the data occurred or is likely to occur. EP Wealth's operations were not disrupted by the incident. The notification letter provides information on obtaining free credit reports, placing fraud alerts, and credit freezes from major credit bureaus.

The California FAIR Plan Association (CFPA) experienced a cybersecurity event on December 12, 2025, where personal information was inadvertently disclosed to an unknown third party. An investigation confirmed that individual broker information was impacted, specifically names, addresses, and Social Security numbers. Policyholder data was not impacted, except for brokers who are also policyholders. CFPA has implemented enhanced security measures and is offering two years of complimentary credit monitoring and identity restoration services through IDX.

Williams Accountancy Corporation experienced a data breach where an unauthorized third party gained access to their network between December 25, 2025, and December 26, 2025. The investigation determined that files containing personal information, potentially including name, date of birth, Social Security number, and bank account number, were acquired. While there is no evidence of misuse, the company is offering complimentary identity protection services through Experian IdentityWorks Credit 3B.

Brown Advisory LLC experienced a security incident on January 21, 2026, where a threat actor gained unauthorized access to certain systems. The investigation revealed that personal data, including name, phone number, email address, address, Social Security number, driver's license image, passport image, or financial account numbers, may have been accessed. The company has taken steps to contain the incident, including resetting passwords and session tokens, and is offering 24 months of identity protection services from Experian. The incident did not compromise the security or functioning of internal systems, and there was no evidence of access to transactions, trading, or client investments.

Figure Technology Solutions, Inc., on behalf of its subsidiaries Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation, disclosed a data breach on January 28, 2026. The incident involved unauthorized activity on their systems, leading to the exposure of customer names, addresses, bank account numbers, and routing numbers through queries on company databases storing loan and loan inquiry data. Social Security Numbers were not affected. There was no evidence of unauthorized access to customer accounts or funds, and business operations remain uninterrupted. The company is offering two years of complimentary credit monitoring and identity restoration services through TransUnion and has implemented enhanced security measures.

Hennessy Advisors, Inc. experienced a data security incident discovered on March 30, 2025, when suspicious activity affected system access. An investigation, involving third-party specialists, revealed that personal information of certain investors in the Hennessy Funds was accessed and released without authorization by late December 2025. The company became aware of unauthorized access to specific personal information on February 5, 2026. As a result, 12,643 records were affected. Hennessy Advisors is offering complimentary credit monitoring and identity theft protection services through IDX.

H&N Tax, Inc. dba CSA Tax experienced a network disruption on or around December 2, 2025, which resulted in unauthorized access to certain information stored on their network for a limited period. A thorough investigation determined that the potentially affected data may have included first and last names in combination with Social Security numbers. The company is offering complimentary credit monitoring and identity protection services to affected individuals.

H&N Tax, Inc. dba CSA Tax experienced a network disruption on or around December 2, 2025, which resulted in unauthorized access to certain information stored on their network for a limited period. A thorough investigation determined that the potentially affected data may have included first and last names in combination with Social Security numbers. The company is offering complimentary credit monitoring and identity protection services to affected individuals.

West Florida Banking Corporation (operating as Flagship Bank) experienced a data breach when unauthorized access occurred on April 15, 2025, resulting from a social engineering scheme. The incident was discovered on May 7, 2025, when suspicious activity was detected within their environment. The bank secured their network, launched an investigation, and notified federal law enforcement. The compromised information includes names, Social Security numbers, and financial account information for 3,996 individuals. Flagship Bank is providing affected individuals with 12 months of free credit monitoring through TransUnion.

Terra Holdings, LLC detected suspicious activity on February 13, 2025, and determined that unauthorized actors accessed or exfiltrated files from their systems between February 11-13, 2025. The company provides services to real estate affiliates and held limited personal information in that capacity. Compromised data included names, Social Security numbers, driver's license/state ID numbers, and financial account information. Due to data complexity, identifying affected individuals took nearly a year, with notifications sent to Maine residents on February 12, 2026. The company engaged forensic specialists, notified law enforcement, implemented additional safeguards, and is offering 12 months of credit monitoring through Epiq.

North Atlantic States Carpenters Benefit Funds disclosed a data breach on 2026-02-11, with details about the breach not fully specified.

WealthKeel LLC experienced a data breach when an employee's email account was compromised, potentially exposing personal information including SSN, account numbers, name, address, and email. The breach was discovered on November 7, 2025, and the company notified affected individuals on February 9, 2026. Cybersecurity experts were engaged to investigate and enhance security measures, with no evidence of other data being affected.