Cyber Incident Victim: Hightower Holding

Hightower Holding, the parent companyof financial management services provider Hightower Advisors, disclosed a data breach affecting over 130,000 individuals. The company operates as a holding company that provides financial management, retirement planning, wealth and investment advisory, and other services through subsidiaries including Hightower Advisors, Hightower Securities, and Hightower Trust Company. In a written notification letter sent to impacted individuals this week, Hightower Holding stated that it fell victim to a cyberattack in early January 2026. The notification indicated that the attackers exfiltrated certain files from its environment between January 8 and January 9, 2026.

Together with third‑party specialists, Hightower Holding reviewed the stolen files and determined that they contained personal information such as names, Social Security numbers, and driver’s license numbers. The company characterized the breach as resulting from compromised user credentials rather than from a deficiency in its technical environment. In the notification letter, Hightower Holding told recipients that there is no indication that their information has been used to commit identity theft or fraud in relation to this event. The statement was included to reassure affected individuals about the current status of their data.

This week, Hightower Holding notified the Maine Attorney General’s Office that 131,483 people were affected by the incident. As part of its response, the company is providing the impacted individuals with 12 months of free identity theft and credit monitoring services. Hightower Holding has not disclosed any details about the threat actor responsible for the attack, and SecurityWeek has not observed any known extortion groups claiming responsibility for the breach. The notification process and offered services constitute the company’s disclosed actions following the discovery of the compromise.