CP
cyberpings

Hightower Holding Data Breach - 130,000 Affected Individuals

Hightower Holding has reported a data breach affecting over 130,000 individuals. Hackers stole sensitive personal information, including Social Security numbers. The company is offering credit monitoring services to help mitigate risks for those impacted.

BreachesHIGHUpdated: Published:

Original Reporting

SWSecurityWeekΒ·Ionut Arghire

AI Summary

CyberPings AIΒ·Reviewed by Rohit Rana

🎯Basically, hackers stole personal information from Hightower Holding, affecting many people.

What Happened

In early January 2026, Hightower Holding, a parent company of financial management services, experienced a significant data breach. This incident has led to the exposure of sensitive personal information for over 130,000 individuals. The breach occurred between January 8 and 9, when hackers managed to exfiltrate files containing names, Social Security numbers, and driver’s license numbers from Hightower's environment.

The company has confirmed that the breach was caused by compromised user credentials rather than any security flaws in their systems. This means that the attackers likely gained access through stolen login information, which highlights the importance of robust password management and user authentication practices.

Who's Affected

The data breach has impacted 131,483 individuals, as reported by Hightower to the Maine Attorney General’s Office. Those affected include clients of Hightower Advisors, Hightower Securities, and Hightower Trust Company, all of which operate under the Hightower Holding umbrella. The company is taking steps to notify these individuals and provide support. While Hightower has stated that there is no indication of the stolen information being used for identity theft or fraud, the potential for such misuse remains a concern for those affected. The breach serves as a reminder of the vulnerabilities that can exist within financial services and the importance of safeguarding personal data.

What Data Was Exposed

The compromised files contained a range of sensitive personal information. Specifically, the data included: This type of information can be particularly valuable to cybercriminals, as it can be used to commit identity theft or fraud. Hightower is aware of the potential risks and is taking steps to mitigate them by offering affected individuals credit monitoring services for 12 months.

πŸ“

Names

πŸ‘€

Social Security numbers

πŸ’°

Driver’s license numbers

What You Should Do

If you are among those affected by the Hightower data breach, it is crucial to take immediate action to protect yourself. Here are some recommended steps: By taking these proactive measures, you can help safeguard your personal information and reduce the risk of identity theft following this breach.

Containment

  • 1.Enroll in the credit monitoring services offered by Hightower to keep an eye on your credit report.
  • 2.Change passwords for any accounts that may use the same credentials as those compromised in the breach.

Remediation

  • 3.Monitor your financial statements and credit reports for any suspicious activity.
  • 4.Consider placing a fraud alert on your credit file to make it harder for identity thieves to open accounts in your name.

πŸ”’ Pro Insight

πŸ”’ Pro insight: The breach underscores the critical need for enhanced credential security measures in financial services to prevent unauthorized access.

SWSecurityWeekΒ· Ionut Arghire
Read Original

Share

Related Pings

Preview image for Discord Sleuths Gain Unauthorized Access to Anthropic's Mythos
Breaches
HIGH

Discord Sleuths Gain Unauthorized Access to Anthropic's Mythos

Unauthorized access to Anthropic's Mythos AI tool was achieved by a group of Discord users. This breach raises serious concerns about data security and AI model access. Organizations must enhance their security measures to prevent similar incidents.

WRWired Security
Read PingRead Source
Preview image for University Websites Hijacked to Serve Explicit Content
Breaches
HIGH

University Websites Hijacked to Serve Explicit Content

Hundreds of university subdomains have been hijacked to serve explicit content. This breach highlights the need for better DNS record management. Universities must act quickly to protect their reputations.

ARArs Technica Security
Read PingRead Source
Preview image for ADT Breach - Customer Data Stolen in Cyber Intrusion
Breaches Widely Reported (3 sources)
HIGH

ADT Breach - Customer Data Stolen in Cyber Intrusion

ADT has confirmed a data breach affecting customer information, with the ShinyHunters group claiming to have stolen over 10 million records. The breach was reportedly executed through a vishing attack that compromised an employee's Okta account.

TRThe Record+2 more
Read PingRead Source
Preview image for Carnival Corporation - 7.5M Emails Exposed in Breach
Breaches
HIGH

Carnival Corporation - 7.5M Emails Exposed in Breach

Carnival Corporation is dealing with a major breach, exposing 7.5 million emails linked to its loyalty program. This incident raises serious concerns about data security and potential fraud. Users are advised to take immediate action to protect their information.

REThe Register Security
Read PingRead Source
Preview image for Biobank Medical Data - 500K Volunteers Listed for Sale on Alibaba
Breaches Widely Reported (4 sources)
HIGH

Biobank Medical Data - 500K Volunteers Listed for Sale on Alibaba

The UK Biobank has reported that the medical data of 500,000 volunteers was listed for sale on Alibaba, raising significant privacy concerns. The breach was attributed to misuse by researchers.

REThe Register Security+3 more
Read PingRead Source
Preview image for Admin Password Sharing Leads to Major Data Loss Incident
Breaches
HIGH

Admin Password Sharing Leads to Major Data Loss Incident

A security oversight led to significant data loss when a shared admin password was misused. The incident reveals the risks of poor password management practices. Organizations must adopt better security measures to avoid such breaches.

REThe Register Security
Read PingRead Source