Financial Sector Security Intelligence

Tracking breaches, regulatory updates, and threats affecting banks, fintechs, and financial institutions.

Latest Intelligence

View All →

BREACH

Fiesta Insurance Franchise Corporation - Data Breach

Fiesta Insurance Franchise Corporation disclosed a data breach on June 9, 2025. The company is offering complimentary Experian IdentityWorks Credit 3B membership to affected individuals to help protect their identity. The membership includes access to credit reports, credit monitoring, identity restoration support, and identity theft insurance. The notification letter does not specify the exact date of the incident or the number of records affected, but it implies that personal information such as names, addresses, dates of birth, emails, and phone numbers may have been exposed.

Breach: Jun 9, 2025California AG
BREACH

Surplus Line Association of California - Data Breach

On or around April 14, 2026, the Surplus Line Association of California (SLA of California) detected suspicious activity in its network. An investigation, aided by cybersecurity specialists, revealed that unauthorized access and acquisition of certain files occurred on April 4, 2026. A third-party vendor's review on June 15, 2026, confirmed that personal information, potentially including first and last name and Social Security number, was compromised. SLA of California has notified relevant authorities and is offering complimentary identity theft protection services through Cyberscout.

Breach: Apr 4, 2026California AG
BREACH

YouLend US LLC - Data Breach

YouLend US LLC experienced a data privacy breach between June 5, 2026, and June 9, 2026, when unauthorized access to their computer network occurred. The investigation confirmed that certain files containing personal information, including Name, Date of Birth, and Social Security number, were acquired. The company has taken steps to secure its systems, reported the incident to law enforcement, and is offering 12 months of complimentary credit monitoring and identity protection services through Cyberscout.

Breach: Jun 5, 2026California AG

BREACH

Markel Insurance - Data Breach

Markel Insurance experienced a data security incident between March 17-18, 2026, where an unauthorized actor used social engineering to deceive two employees and gain access to a limited portion of Markel's systems. The company detected and blocked the activity, notified law enforcement, and engaged third-party security experts. An investigation determined that the unauthorized actor obtained the victim's name. Markel is offering two years of complimentary credit monitoring and identity restoration services through TransUnion.

Breach: Mar 17, 2026California AG

BREACH

AssetMark, Inc. - Data Breach

AssetMark, Inc., a wealth management platform, experienced a data breach on May 15, 2026, when an unauthorized user gained access to and downloaded files containing customer information using compromised employee login credentials. The company became aware of the incident on the same day and initiated an investigation. By May 18, 2026, it was determined that certain files contained personal information. AssetMark has secured its systems, reset credentials, engaged security professionals, increased monitoring, and implemented additional safeguards. They are offering 24 months of credit monitoring and identity theft prevention services to affected individuals.

Breach: May 15, 2026California AG

BREACH

AssuranceAmerica Managing General Agency, LLC - Data Breach

AssuranceAmerica Managing General Agency, LLC experienced a cybersecurity incident on March 16, 2026, where an unauthorized third party accessed their IT systems and copied data files. The company discovered the suspicious activity on March 17, 2026, and subsequently identified that personal information, including name, contact information, automobile insurance details, driver/vehicle information, claims data, driver's license number, Tax ID, and Social Security number, was compromised. AssuranceAmerica has implemented enhanced security measures, notified law enforcement, and is offering affected individuals 12 months of complimentary credit monitoring services.

Breach: Mar 16, 2026California AG

BREACH

Orrstown Bank - Data Breach

Orrstown Bank disclosed a data breach on June 11, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

Breach: Jun 11, 2026Maine AG
BREACH

the West Series of Lockton Companies, LLC - Data Breach

The West Series of Lockton Companies, LLC, an insurance brokerage firm providing employee benefit services to Dexcom, Inc., inadvertently disclosed an Excel file containing Dexcom employee personal information to three participants of a Request for Proposal (RFP) for family forming benefits. The file contained Social Security numbers, first names, last names, dates of birth, and potentially limited employee benefits election information. Access to the file was promptly revoked, and the RFP participants either did not access it or confirmed its deletion. Lockton is notifying affected individuals out of an abundance of caution and is offering a complimentary two-year membership to Experian IdentityWorks.

Breach: May 13, 2026California AG

BREACH

Caldwell Sutter Capital, Inc. - Data Breach

Caldwell Sutter Capital, Inc. disclosed a data breach on June 11, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information.

BREACH

McAdam Financial Group - Data Breach

McAdam Financial Group disclosed a data breach on June 10, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

Breach: Jun 10, 2026Maine AG
BREACH

Towerpoint Wealth, LLC - Data Breach

Towerpoint Wealth, LLC experienced a cybersecurity incident on April 27, 2026, where an unauthorized party accessed and copied certain files. The investigation revealed that the affected files contained the minor's name and potentially their Social Security number and/or financial/investment account information. Towerpoint has implemented enhanced security measures, including multi-factor authentication and updated policies, and is offering 12 months of free cyber monitoring services through Cyberscout to affected individuals.

Breach: Apr 24, 2026California AG

BREACH

CNO Services, LLC - Data Breach

CNO Services, LLC disclosed a data breach on June 8, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

Breach: Jun 8, 2026Maine AG

BREACH

Plaza Home Mortgage, Inc. - Data Breach

Plaza Home Mortgage, Inc. experienced a security incident on or around February 17, 2026, when threat actors gained unauthorized access to one employee's computer and information systems. The investigation indicates that personal information, potentially including name, address, social security number, birth date, driver's license or other government identification, and mortgage loan application and servicing information, may have been obtained by an unauthorized party. The company has implemented additional security measures and is offering 12 months of credit monitoring and identity theft services through CyEx.

Breach: Feb 17, 2026California AG

BREACH

Mariner Wealth Advisors, LLC - Data Breach

Mariner Wealth Advisors, LLC disclosed a data breach on June 1, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

Breach: Jun 1, 2026Maine AG

BREACH

Joyal Capital Management, LLC - Data Breach

Joyal Capital Management, LLC disclosed a data breach on May 29, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information. The attack vector is also unknown.

Breach: May 29, 2026Maine AG
BREACH

KerberRose S.C. - Data Breach

KerberRose S.C. disclosed a data breach on May 29, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information. The attack vector is also unknown.

Breach: May 29, 2026Maine AG

BREACH

Educational Employees Credit Union - Data Breach

Educational Employees Credit Union experienced a data breach on December 15, 2025, when an unauthorized individual gained access to an employee email account for a limited period. The credit union discovered the incident on the same day and initiated an investigation with cybersecurity professionals. The investigation concluded on May 8, 2026, determining that certain emails containing personal information may have been accessed or removed. While there is no evidence of financial fraud or identity theft, the credit union is offering two years of complimentary identity monitoring services through Kroll, which include credit monitoring, fraud consultation, and identity theft restoration.

Breach: Dec 15, 2025California AG
BREACH

Industrial Acceptance Corporation - Data Breach

The Industrial Acceptance Corporation disclosed a data breach on May 29, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

BREACH

Smith & James, CPAs - Data Breach

Smith & James, CPAs experienced a data security incident where an unknown actor accessed and acquired personal information on or about March 5, 2026. The company became aware of suspicious activity in their email environment on March 9, 2026, and engaged cybersecurity experts to investigate. The investigation confirmed that the exposed data included names, Social Security numbers, dates of birth, medical information, and health insurance information. Smith & James is offering complimentary credit monitoring and identity theft protection services through Cyberscout, a TransUnion company.

Breach: Mar 5, 2026California AG
BREACH

Texas Capital - Data Breach

Texas Capital disclosed a data breach on April 26, 2026. The company is offering affected individuals a complimentary two-year membership to Experian's IdentityWorks℠ to help protect their identity. This service includes credit monitoring, internet surveillance for dark web activity, identity restoration specialists, and $1 million in identity theft insurance. The notification letter provides instructions for enrollment, including an activation code and a deadline of September 30, 2026. Contact information for Experian is provided for fraud issues and enrollment assistance.

Breach: Apr 26, 2026California AG

BREACH

TD Bank U.S. - Data Breach

TD Bank U.S. disclosed a data breach on May 26, 2026. The specifics of the breach, including the date it occurred, the number of records affected, the types of data exposed, and the attack vector, were not provided in the available information.

Breach: May 26, 2026Maine AG

BREACH

Frost Bank - Data Breach

Frost Bank disclosed a data breach on December 6, 2025. Affected individuals are being offered free credit monitoring services through Cyberscout. The notification letter suggests that personal information, potentially including Social Security numbers, account numbers, names, addresses, emails, and phone numbers, may have been exposed. The exact date of the incident and the attack vector are not specified. Affected individuals are advised to enroll in credit monitoring within 90 days and to remain vigilant by reviewing account statements and credit reports.

Breach: Dec 6, 2025California AG

BREACH

Boston Capital Holdings LP - Data Breach

Boston Capital Holdings LP disclosed a data breach on May 18, 2026. No further details regarding the date of occurrence, discovery, records affected, data exposed, or attack vector were provided in the available information.

Breach: May 18, 2026Maine AG
BREACH

The Beacon Mutual Insurance Company - Data Breach

The Beacon Mutual Insurance Company disclosed a data breach on May 18, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.

Breach: May 18, 2026Maine AG

BREACH

Cresset Capital Management - Data Breach

Cresset Capital Management disclosed a data breach on April 6, 2026, after identifying suspicious activity within their computer network. The company promptly activated incident response protocols and engaged third-party cybersecurity professionals. While client assets, funds, and accounts were not compromised, personal information including name, contact information, date of birth, Social Security number, driver's license number, passport number, and financial account information was accessed. Cresset is implementing enhanced monitoring and has arranged for affected individuals to receive a complimentary two-year subscription to Experian IdentityWorks.

Breach: Apr 6, 2026California AG
BREACH

US Tiger Securities Inc. (“US Tiger”) - Data Breach

US Tiger Securities Inc. experienced a cybersecurity incident where files in their virtual back-office environment were encrypted and copied by an unauthorized third party between July 8, 2025, and July 9, 2025. The investigation determined that customer-facing trading operations were not impacted, and no intrusion occurred within the TradeUP production environment. The company is offering a 24-month complimentary subscription to Experian IdentityWorks to affected individuals.

Breach: Jul 3, 2025California AG

BREACH

Hawaii Employers Mutual Insurance Company, Inc. - Data Breach

Hawaii Employers Mutual Insurance Company, Inc. disclosed a data breach on May 13, 2026. The specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.

Breach: May 13, 2026Maine AG

BREACH

Accelerate Infrastructure Opportunities LLC - Data Breach

Accelerate Infrastructure Opportunities LLC disclosed a data breach on May 11, 2026. No further details regarding the date of the incident, the number of records affected, the specific types of data exposed, or the attack vector were provided in the disclosure.

Breach: May 11, 2026Maine AG
BREACH

American Lending Center - Data Breach

American Lending Center disclosed a data breach on May 11, 2026. The specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.

Breach: May 11, 2026Maine AG

BREACH

Miller Insurance Protection Team - Data Breach

Miller Insurance Protection Team disclosed a data breach on May 9, 2026. No further details regarding the date of occurrence, discovery, records affected, data exposed, or attack vector were provided in the available information.

Breach: May 9, 2026Maine AG