Hightower Holding, the parent company of wealth management firm Hightower Advisors, has disclosed a data breach affecting more than 130,000 individuals following a cyberattack earlier this year. The company notified authorities that approximately 131,483 people were impacted by the incident.
The breach occurred in early January 2026, when unauthorized actors gained access to the company’s network by compromising user credentials. Investigations revealed that hackers were able to extract files from the system over a short period between January 8 and January 9.
According to the company, the stolen data includes highly sensitive personal information such as names, Social Security numbers, and driver’s license numbers. The exposure of such data significantly increases the risk of identity theft and financial fraud for affected individuals.
Hightower stated that the breach was linked to compromised user accounts rather than a systemic vulnerability in its infrastructure. The company also noted that, as of now, there is no confirmed evidence that the stolen data has been misused for fraudulent activities.
In response to the incident, Hightower has begun notifying affected individuals and is offering 12 months of complimentary credit monitoring and identity theft protection services. The company has not disclosed the identity of the threat actors, and no known cybercriminal group has publicly claimed responsibility for the attack.
The breach highlights ongoing cybersecurity challenges in the financial services sector, where large volumes of sensitive personal and financial data make organizations prime targets for credential-based attacks and data exfiltration.
