Financial Sector Security Intelligence
Tracking breaches, regulatory updates, and threats affecting banks, fintechs, and financial institutions.
Latest Intelligence
View All →Fiesta Insurance Franchise Corporation - Data Breach
Fiesta Insurance Franchise Corporation disclosed a data breach on June 9, 2025. The company is offering complimentary Experian IdentityWorks Credit 3B membership to affected individuals to help protect their identity. The membership includes access to credit reports, credit monitoring, identity restoration support, and identity theft insurance. The notification letter does not specify the exact date of the incident or the number of records affected, but it implies that personal information such as names, addresses, dates of birth, emails, and phone numbers may have been exposed.
Surplus Line Association of California - Data Breach
On or around April 14, 2026, the Surplus Line Association of California (SLA of California) detected suspicious activity in its network. An investigation, aided by cybersecurity specialists, revealed that unauthorized access and acquisition of certain files occurred on April 4, 2026. A third-party vendor's review on June 15, 2026, confirmed that personal information, potentially including first and last name and Social Security number, was compromised. SLA of California has notified relevant authorities and is offering complimentary identity theft protection services through Cyberscout.
YouLend US LLC - Data Breach
YouLend US LLC experienced a data privacy breach between June 5, 2026, and June 9, 2026, when unauthorized access to their computer network occurred. The investigation confirmed that certain files containing personal information, including Name, Date of Birth, and Social Security number, were acquired. The company has taken steps to secure its systems, reported the incident to law enforcement, and is offering 12 months of complimentary credit monitoring and identity protection services through Cyberscout.
Markel Insurance - Data Breach
Markel Insurance experienced a data security incident between March 17-18, 2026, where an unauthorized actor used social engineering to deceive two employees and gain access to a limited portion of Markel's systems. The company detected and blocked the activity, notified law enforcement, and engaged third-party security experts. An investigation determined that the unauthorized actor obtained the victim's name. Markel is offering two years of complimentary credit monitoring and identity restoration services through TransUnion.
AssetMark, Inc. - Data Breach
AssetMark, Inc., a wealth management platform, experienced a data breach on May 15, 2026, when an unauthorized user gained access to and downloaded files containing customer information using compromised employee login credentials. The company became aware of the incident on the same day and initiated an investigation. By May 18, 2026, it was determined that certain files contained personal information. AssetMark has secured its systems, reset credentials, engaged security professionals, increased monitoring, and implemented additional safeguards. They are offering 24 months of credit monitoring and identity theft prevention services to affected individuals.
AssuranceAmerica Managing General Agency, LLC - Data Breach
AssuranceAmerica Managing General Agency, LLC experienced a cybersecurity incident on March 16, 2026, where an unauthorized third party accessed their IT systems and copied data files. The company discovered the suspicious activity on March 17, 2026, and subsequently identified that personal information, including name, contact information, automobile insurance details, driver/vehicle information, claims data, driver's license number, Tax ID, and Social Security number, was compromised. AssuranceAmerica has implemented enhanced security measures, notified law enforcement, and is offering affected individuals 12 months of complimentary credit monitoring services.
Orrstown Bank - Data Breach
Orrstown Bank disclosed a data breach on June 11, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
the West Series of Lockton Companies, LLC - Data Breach
The West Series of Lockton Companies, LLC, an insurance brokerage firm providing employee benefit services to Dexcom, Inc., inadvertently disclosed an Excel file containing Dexcom employee personal information to three participants of a Request for Proposal (RFP) for family forming benefits. The file contained Social Security numbers, first names, last names, dates of birth, and potentially limited employee benefits election information. Access to the file was promptly revoked, and the RFP participants either did not access it or confirmed its deletion. Lockton is notifying affected individuals out of an abundance of caution and is offering a complimentary two-year membership to Experian IdentityWorks.
Caldwell Sutter Capital, Inc. - Data Breach
Caldwell Sutter Capital, Inc. disclosed a data breach on June 11, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information.
McAdam Financial Group - Data Breach
McAdam Financial Group disclosed a data breach on June 10, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
Towerpoint Wealth, LLC - Data Breach
Towerpoint Wealth, LLC experienced a cybersecurity incident on April 27, 2026, where an unauthorized party accessed and copied certain files. The investigation revealed that the affected files contained the minor's name and potentially their Social Security number and/or financial/investment account information. Towerpoint has implemented enhanced security measures, including multi-factor authentication and updated policies, and is offering 12 months of free cyber monitoring services through Cyberscout to affected individuals.
CNO Services, LLC - Data Breach
CNO Services, LLC disclosed a data breach on June 8, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
Plaza Home Mortgage, Inc. - Data Breach
Plaza Home Mortgage, Inc. experienced a security incident on or around February 17, 2026, when threat actors gained unauthorized access to one employee's computer and information systems. The investigation indicates that personal information, potentially including name, address, social security number, birth date, driver's license or other government identification, and mortgage loan application and servicing information, may have been obtained by an unauthorized party. The company has implemented additional security measures and is offering 12 months of credit monitoring and identity theft services through CyEx.
Mariner Wealth Advisors, LLC - Data Breach
Mariner Wealth Advisors, LLC disclosed a data breach on June 1, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
Joyal Capital Management, LLC - Data Breach
Joyal Capital Management, LLC disclosed a data breach on May 29, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information. The attack vector is also unknown.
KerberRose S.C. - Data Breach
KerberRose S.C. disclosed a data breach on May 29, 2026. The nature of the breach, the date it occurred or was discovered, the number of records affected, and the specific types of data exposed are not detailed in the provided information. The attack vector is also unknown.
Educational Employees Credit Union - Data Breach
Educational Employees Credit Union experienced a data breach on December 15, 2025, when an unauthorized individual gained access to an employee email account for a limited period. The credit union discovered the incident on the same day and initiated an investigation with cybersecurity professionals. The investigation concluded on May 8, 2026, determining that certain emails containing personal information may have been accessed or removed. While there is no evidence of financial fraud or identity theft, the credit union is offering two years of complimentary identity monitoring services through Kroll, which include credit monitoring, fraud consultation, and identity theft restoration.
Industrial Acceptance Corporation - Data Breach
The Industrial Acceptance Corporation disclosed a data breach on May 29, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
Smith & James, CPAs - Data Breach
Smith & James, CPAs experienced a data security incident where an unknown actor accessed and acquired personal information on or about March 5, 2026. The company became aware of suspicious activity in their email environment on March 9, 2026, and engaged cybersecurity experts to investigate. The investigation confirmed that the exposed data included names, Social Security numbers, dates of birth, medical information, and health insurance information. Smith & James is offering complimentary credit monitoring and identity theft protection services through Cyberscout, a TransUnion company.
Texas Capital - Data Breach
Texas Capital disclosed a data breach on April 26, 2026. The company is offering affected individuals a complimentary two-year membership to Experian's IdentityWorks℠ to help protect their identity. This service includes credit monitoring, internet surveillance for dark web activity, identity restoration specialists, and $1 million in identity theft insurance. The notification letter provides instructions for enrollment, including an activation code and a deadline of September 30, 2026. Contact information for Experian is provided for fraud issues and enrollment assistance.
TD Bank U.S. - Data Breach
TD Bank U.S. disclosed a data breach on May 26, 2026. The specifics of the breach, including the date it occurred, the number of records affected, the types of data exposed, and the attack vector, were not provided in the available information.
Frost Bank - Data Breach
Frost Bank disclosed a data breach on December 6, 2025. Affected individuals are being offered free credit monitoring services through Cyberscout. The notification letter suggests that personal information, potentially including Social Security numbers, account numbers, names, addresses, emails, and phone numbers, may have been exposed. The exact date of the incident and the attack vector are not specified. Affected individuals are advised to enroll in credit monitoring within 90 days and to remain vigilant by reviewing account statements and credit reports.
Boston Capital Holdings LP - Data Breach
Boston Capital Holdings LP disclosed a data breach on May 18, 2026. No further details regarding the date of occurrence, discovery, records affected, data exposed, or attack vector were provided in the available information.
The Beacon Mutual Insurance Company - Data Breach
The Beacon Mutual Insurance Company disclosed a data breach on May 18, 2026. No further details regarding the date of occurrence, discovery, number of records affected, specific data exposed, or the attack vector were provided in the available information.
Cresset Capital Management - Data Breach
Cresset Capital Management disclosed a data breach on April 6, 2026, after identifying suspicious activity within their computer network. The company promptly activated incident response protocols and engaged third-party cybersecurity professionals. While client assets, funds, and accounts were not compromised, personal information including name, contact information, date of birth, Social Security number, driver's license number, passport number, and financial account information was accessed. Cresset is implementing enhanced monitoring and has arranged for affected individuals to receive a complimentary two-year subscription to Experian IdentityWorks.
US Tiger Securities Inc. (“US Tiger”) - Data Breach
US Tiger Securities Inc. experienced a cybersecurity incident where files in their virtual back-office environment were encrypted and copied by an unauthorized third party between July 8, 2025, and July 9, 2025. The investigation determined that customer-facing trading operations were not impacted, and no intrusion occurred within the TradeUP production environment. The company is offering a 24-month complimentary subscription to Experian IdentityWorks to affected individuals.
Hawaii Employers Mutual Insurance Company, Inc. - Data Breach
Hawaii Employers Mutual Insurance Company, Inc. disclosed a data breach on May 13, 2026. The specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.
Accelerate Infrastructure Opportunities LLC - Data Breach
Accelerate Infrastructure Opportunities LLC disclosed a data breach on May 11, 2026. No further details regarding the date of the incident, the number of records affected, the specific types of data exposed, or the attack vector were provided in the disclosure.
American Lending Center - Data Breach
American Lending Center disclosed a data breach on May 11, 2026. The specific details regarding the date of the incident, the number of records affected, the types of data exposed, and the attack vector are not provided in the available information.
Miller Insurance Protection Team - Data Breach
Miller Insurance Protection Team disclosed a data breach on May 9, 2026. No further details regarding the date of occurrence, discovery, records affected, data exposed, or attack vector were provided in the available information.