Hightower Holding, the entity behind the financial advisory firm Hightower Advisors, has reported a significant data breach affecting over 130,000 individuals. The company has started notifying those impacted, highlighting the scale of the cyber incident.
Details of the Cybersecurity Incident
As a primary holding company, Hightower Holding offers a range of financial services through various subsidiaries, including Hightower Advisors, Hightower Securities, and Hightower Trust Company. In early January 2026, the company fell victim to a cyberattack, during which attackers managed to extract specific files from its systems over a two-day period, from January 8 to 9.
In a communication sent to the affected parties, Hightower disclosed that the breach involved the unauthorized access of sensitive personal data. The compromised information includes names, Social Security numbers, and driver’s license numbers.
Investigation and Response
Following the incident, Hightower collaborated with third-party cybersecurity experts to analyze the stolen files and understand the breach’s implications. It was determined that the attack resulted from compromised user credentials rather than a failure in the company’s security infrastructure.
Despite the breach, Hightower assured the affected individuals that there is currently no evidence of their information being used for identity theft or fraud. As a precaution, the company is offering 12 months of complimentary identity theft and credit monitoring services to those impacted.
Regulatory Notification and Continual Security Measures
Hightower has informed the Maine Attorney General’s Office about the breach, confirming that 131,483 people were affected by the incident. However, the company has not disclosed any information regarding the attackers or if any known extortion groups have claimed responsibility.
The breach highlights the ongoing challenges financial service providers face in securing sensitive data. Hightower’s response includes bolstering their cybersecurity measures to prevent future incidents. The company remains committed to protecting client data and maintaining transparency regarding security matters.
This incident serves as a reminder of the critical importance of robust cybersecurity practices and the need for continuous vigilance in the digital landscape.
