Hightower Holding Data Breach Impacts 130,000

Hightower Holding, the parent company of financial management services provider Hightower Advisors, is notifying over 130,000 individuals of a data breach. Operating as a holding company, Hightower Holding provides financial management, retirement planning, wealth and investment advisory, and other services through subsidiaries such as Hightower Advisors, Hightower Securities, and Hightower Trust Company. In a written notification letter sent to the impacted individuals this week, the company revealed that it fell victim to a cyberattack in early January 2026, and that the hackers exfiltrated certain files from its environment between January 8 and 9. Hightower says it reviewed the stolen files together with third-party specialists, determining that they contained personal information such as names, Social Security numbers, and driver’s license numbers. The data breach, it said, was the result of compromised user credentials, and not a deficiency in its environment. “Please note that we have no indication that your information has been used to commit identity theft or fraud in relation to this event,” Hightower told the impacted individuals. This week, the company notified the Maine Attorney General’s Office that 131,483 people were affected by the incident. Hightower is providing the impacted individuals with 12 months of free identity theft and credit monitoring services. Hightower Holding has not shared details on the threat actor responsible for the attack. SecurityWeek has not seen any known extortion groups claiming responsibility for the incident. Related: 3.1 Million Impacted by QualDerm Data Breach Related: Navia Data Breach Impacts 2.7 Million Related: Marquis Data Breach Affects 672,000 Individuals Related: Security Firm Aura Discloses Data Breach Impacting 900,000 Records WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire iOS, macOS 26.4 Roll Out With Fresh Security Patches FCC Bans New Routers Made Outside the US Over National Security Risks From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Extortion Group Claims It Hacked AstraZeneca Chrome 146 Update Patches High-Severity Vulnerabilities 3.1 Million Impacted by QualDerm Data Breach Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn Mazda Says Employee, Partner Information Stolen in Cyberattack Latest News BIND Updates Patch High-Severity Vulnerabilities Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure Cisco Patches Multiple Vulnerabilities in IOS Software Alleged RedLine Malware Administrator Extradited to US Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience Onit Security Raises $11 Million for Exposure Management Platform Russian Cybercriminal Gets 2-Year Prison Sentence in US  AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Token has appointed Katy Nelson as Chief Revenue Officer. Hemant Baidwan has joined Knox Systems as Chief Information Security Officer. The US Senate confirmed Markwayne Mullin as DHS Secretary. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email