Financial Sector Security Intelligence

Bank3 discovered suspicious activity on August 20, 2025, leading to an investigation that revealed an unauthorized actor accessed their systems between July 25, 2025, and August 7, 2025. During this period, personal information including name, Social Security number, driver's license or state identification, financial account information, and payment card information may have been viewed or copied. Bank3 is offering 12 months of credit monitoring services through Transunion and providing guidance on identity theft protection to affected individuals.

Conrad Capital Management, Inc. experienced a data breach between November 11, 2025, and March 8, 2026, when an unauthorized person accessed their network and took copies of certain files. The investigation, completed on April 6, 2026, identified that files containing the name and sensitive personal information (Social Security number, driver’s license number, financial account number, and/or tax identification number) of 258 individuals were accessed. The company is offering one year of complimentary credit monitoring and identity theft services through Kroll and has established a dedicated call center for affected individuals.

Douglas M. Smith & Co., CPAs disclosed a data breach on January 20, 2026, where an unauthorized user gained access to their third-party tax filing software and filed a fraudulent tax return on behalf of a client. The incident was discovered on February 23, 2026. The investigation concluded that sensitive personal information, including social security number, other government identification numbers, name, and bank account information, was likely accessible to the threat actor, though no mass transfer of data is indicated. The company is implementing additional security measures, has notified relevant agencies (FTC, FBI, IRS, Secret Service), and is offering 12 months of free credit monitoring services to affected individuals.

ScrogginsGrear, Inc. experienced a data security incident where an unknown third party gained unauthorized access to one employee email account. The investigation determined that personal information of 8919 individuals may have been exposed, including name, date of birth, driver's license/state ID number, financial/bank account number, health insurance individual policy number, patient account number, and Social Security Number/ITIN. The company is offering complimentary credit monitoring services through Cyberscout.

Nicholas H. Safford & Co., Inc. experienced a security incident between January 30, 2026, and March 12, 2026, involving unauthorized access to a single employee's email account. The incident may have exposed personal data including full name, date of birth, partial or full Social Security Number or Employer or Taxpayer Identification Number, account number, government-issued identification number, and mother's maiden name. The company has engaged legal counsel, law enforcement, and a cyber forensics firm, and is offering 24 months of identity monitoring services through Kroll.

OneDigital Investment Advisors LLC was notified by Salesforce, their CRM provider, of a data security event impacting Salesforce and Drift, an online chat agent tool managed by Salesloft. The incident occurred between August 12-18, 2025, where an unauthorized actor potentially accessed and copied data stored in Salesforce due to a compromise of the Drift application. The affected data includes names and Social Security numbers. OneDigital is providing credit monitoring services and guidance on identity theft protection to affected individuals.

JM Forbes & Co. experienced a security incident on November 17th, 2025, when suspicious activity was detected on their email system. An investigation determined that an email account containing personal information was accessed without authorization as part of an attempted business email compromise. The attackers used social engineering in an attempt to redirect payments. While the company has no evidence of misuse or specific targeting of the data, the compromised account may have contained names, addresses, Social Security numbers, and account numbers without security codes. JM Forbes & Co. is offering two years of complimentary credit monitoring services to affected individuals.

Five States Energy Company, L.L.C. detected a network compromise on February 12, 2026, which could have impacted personal information. An investigation determined that personal information, including name, bank account number(s), contact information, and Social Security number, was involved in investment files subject to unauthorized activity. The company has no indication that the information has been or will be misused and is offering free credit monitoring services through Cyberscout.

On November 4, 2025, illumifin Corporation, an insurance technology company and third-party administrator, identified unusual activity on its network. An investigation revealed that an unauthorized person gained access and acquired copies of certain files. On November 10, 2025, it was determined that some files may have contained information received from or on behalf of clients. A comprehensive review identified files containing personal information, including name and address.

Mercer Advisors Inc. experienced a cybersecurity incident on or around January 22, 2026, involving unauthorized access to certain systems used to store client data. The incident was contained, and an investigation determined that an unauthorized third party obtained personal information including name, contact information, driver's license and other government-issued ID numbers, date of birth, and account numbers. Social Security numbers were not believed to be affected. Mercer Advisors has taken steps to enhance safeguards, reported the issue to law enforcement, and is offering credit monitoring services to affected individuals.

Advantage Gold experienced a data breach between late Q3 and early Q4 of 2025 due to a vulnerability in third-party firewall software. A threat actor exploited this vulnerability to gain unauthorized access to Advantage Gold's networks and systems, potentially exposing the personal information of 7960 individuals. The exposed data includes names, addresses, contact information, a limited number of Social Security numbers, and a limited amount of custodian account numbers. Advantage Gold has engaged cybersecurity experts to investigate and remediate the incident and is offering resources to affected individuals to protect themselves from identity theft and fraud.

Summit Insurance Services, Inc. experienced a data security incident between September 18, 2024, and December 2, 2024. The incident may have affected the personal information of 2290 individuals, potentially including names, addresses, dates of birth, and Social Security numbers. Summit has no indication that the affected information has been misused. As a response, they are offering affected individuals complimentary TransUnion credit monitoring, credit reports, credit scores, and fraud assistance services through Cyberscout for a specified period.

Hightower Holding, LLC experienced a data breach due to a compromised user account, leading to unauthorized access and download of certain files between January 8, 2026, and January 9, 2026. The investigation revealed that names, Social Security numbers, and driver's license numbers were potentially exposed. The company has notified affected individuals, including 1,557 Maine residents, and federal law enforcement, and is offering credit monitoring and identity theft protection services.

Hightower Holding, LLC experienced a data breach between January 8, 2026, and January 9, 2026, due to compromised user credentials, leading to unauthorized access and download of certain files. The investigation revealed that names, Social Security numbers, and driver's license numbers were potentially exposed. The company disclosed the incident on March 23, 2026, notifying 1,557 Maine residents and federal law enforcement. Hightower has offered 12 months of credit monitoring and identity theft protection services through TransUnion and provided guidance on fraud prevention.

Mutual of America Life Insurance Company (MOA) discovered suspicious activity on November 29, 2025, which led to an investigation. The investigation revealed that certain files in the MOA network environment were accessed or copied without authorization between November 14, 2025, and November 29, 2025. The potentially impacted information includes names and Social Security numbers. MOA has notified federal law enforcement, is implementing additional safeguards and employee training, and is offering 12 months of free credit monitoring services through Experian to affected individuals. They are also providing guidance on identity theft protection and have notified relevant state regulators and credit reporting agencies.

A data breach occurred at Quinton L. Hiebert CPA, PC, affecting 937 records. The disclosure date for this incident was March 20, 2026. Specific details regarding the date of occurrence, discovery, types of data exposed, and the attack vector are not provided in the available information.

Charlottesville Settlement Company (CSC) experienced a data security incident where an unknown actor gained unauthorized access to their network on September 2, 2025, potentially accessing and acquiring files containing personal information. The incident was discovered on September 4, 2025, and CSC determined on March 10, 2026, that personal information, including name and other unspecified data elements, may have been involved. CSC is offering complimentary credit monitoring and identity theft protection services through IDX.

Financial Factors, Inc. (FFI) experienced an incident involving unauthorized access to a FFI computer via remote access software. The breach occurred between October 24, 2025, and February 6, 2026, with the potential exposure of personal information for one Maine resident, including their name, Social Security number, driver's license or other identification document, and financial account information. FFI reset the computer and reinstalled the operating system to remediate the issue and is offering credit monitoring services through Kroll to the affected individual.

Marquis Software Solutions, a marketing and communications vendor for financial institutions, experienced a data security incident on or around August 14, 2025, when an unauthorized third party accessed their network and may have copied certain files. The incident was limited to Marquis's systems and did not affect their customer's systems. The investigation determined that files containing personal information were accessed. Marquis is offering affected individuals a complimentary membership to Epiq Privacy Solutions ID for identity protection services.

Kerkering, Barberio & Co. (KB), a CPA firm, experienced a cybersecurity incident discovered on May 27, 2025, where an unauthorized user gained access to four email accounts. A forensic investigation revealed that some KB files were obtained by the unauthorized actor. The incident potentially exposed individuals' addresses, email addresses, Social Security Numbers, and full names. KB has taken steps to secure its systems, including disconnecting affected email accounts and enhancing security measures. They are offering 12 months of complimentary credit monitoring and identity theft protection services to affected individuals. The disclosure date for this incident was March 13, 2026.

MetroWest Community Federal Credit Union experienced a data breach where unauthorized access to certain systems and copying of files occurred on September 3, 2025, after suspicious activity was detected on September 1, 2025. The investigation, completed on January 12, 2026, revealed that names, Social Security numbers, financial account numbers, routing numbers, and payment card numbers may have been accessed. The credit union has notified affected individuals, including 132 Maine residents, and is offering two years of free credit monitoring through Experian. They have also notified the FBI and are implementing additional security measures and employee training.

Banner Capital Bank disclosed a data breach on March 6, 2026, stemming from suspicious activity on an employee email account. An unauthorized person may have accessed the account between August 20, 2025, and September 11, 2025. The investigation determined that personal information, specifically the name and financial account number of two Maine residents, was potentially accessed. The bank stated that no other bank systems were affected, no customer account balances were accessed, and no funds were transferred. Notifications were mailed to affected individuals, and a call center was established for inquiries. Banner Capital Bank is enhancing its email security to prevent future incidents.

Maniscalco Wealth Management Ltd. (MWM) experienced a data breach due to unauthorized access to an employee's email account between October 23, 2025, and October 30, 2025. The investigation, completed on February 18, 2026, revealed that personal information, including Social Security numbers and financial account information, of one Maine resident was compromised. MWM disclosed the breach on March 6, 2026, and is offering affected individuals one year of free credit monitoring services through TransUnion, along with guidance on identity theft protection and credit file security.

EP Wealth Advisors, LLC disclosed a data breach on February 2, 2026. The company stated there is no indication that the data involved has been publicly disclosed, or that fraud or misuse of the data occurred or is likely to occur. EP Wealth's operations were not disrupted by the incident. The notification letter provides information on obtaining free credit reports, placing fraud alerts, and credit freezes from major credit bureaus.

The California FAIR Plan Association (CFPA) experienced a cybersecurity event on December 12, 2025, where personal information was inadvertently disclosed to an unknown third party. An investigation confirmed that individual broker information was impacted, specifically names, addresses, and Social Security numbers. Policyholder data was not impacted, except for brokers who are also policyholders. CFPA has implemented enhanced security measures and is offering two years of complimentary credit monitoring and identity restoration services through IDX.

Williams Accountancy Corporation experienced a data breach where an unauthorized third party gained access to their network between December 25, 2025, and December 26, 2025. The investigation determined that files containing personal information, potentially including name, date of birth, Social Security number, and bank account number, were acquired. While there is no evidence of misuse, the company is offering complimentary identity protection services through Experian IdentityWorks Credit 3B.

Brown Advisory LLC experienced a security incident on January 21, 2026, where a threat actor gained unauthorized access to certain systems. The investigation revealed that personal data, including name, phone number, email address, address, Social Security number, driver's license image, passport image, or financial account numbers, may have been accessed. The company has taken steps to contain the incident, including resetting passwords and session tokens, and is offering 24 months of identity protection services from Experian. The incident did not compromise the security or functioning of internal systems, and there was no evidence of access to transactions, trading, or client investments.

Figure Technology Solutions, Inc., on behalf of its subsidiaries Figure Lending LLC, Figure Markets Credit LLC, and Figure Payments Corporation, disclosed a data breach on January 28, 2026. The incident involved unauthorized activity on their systems, leading to the exposure of customer names, addresses, bank account numbers, and routing numbers through queries on company databases storing loan and loan inquiry data. Social Security Numbers were not affected. There was no evidence of unauthorized access to customer accounts or funds, and business operations remain uninterrupted. The company is offering two years of complimentary credit monitoring and identity restoration services through TransUnion and has implemented enhanced security measures.

Hennessy Advisors, Inc. experienced a data security incident discovered on March 30, 2025, when suspicious activity affected system access. An investigation, involving third-party specialists, revealed that personal information of certain investors in the Hennessy Funds was accessed and released without authorization by late December 2025. The company became aware of unauthorized access to specific personal information on February 5, 2026. As a result, 12,643 records were affected. Hennessy Advisors is offering complimentary credit monitoring and identity theft protection services through IDX.

H&N Tax, Inc. dba CSA Tax experienced a network disruption on or around December 2, 2025, which resulted in unauthorized access to certain information stored on their network for a limited period. A thorough investigation determined that the potentially affected data may have included first and last names in combination with Social Security numbers. The company is offering complimentary credit monitoring and identity protection services to affected individuals.