Skip to main content
A man sees his private data publicly available online, prompting him to consider filing an AI data security lawsuit

Hightower Holding Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

When a wealth management firm gets breached, the stakes are especially high. These companies hold some of the most sensitive financial and personal information imaginable. That is exactly the situation playing out right now with the Hightower Holding data breach, which resulted in notifications to more than 131,000 people in late March 2026 confirming that their personal data had been accessed and downloaded by an unauthorized party.

If you received a letter from Hightower Holding, Hightower Advisors, or any of its affiliated entities, here is what you need to know about what happened, what data was taken, and what legal options may be available to you. Contact our data breach lawyers to learn more. 

What Is Hightower Holding?

Hightower Holding, LLC is the Chicago-based parent company of Hightower Advisors, LLC, one of the country’s largest independent wealth management firms. The company supports registered investment advisors across the United States and operates several subsidiaries, including Hightower Securities, LLC and Hightower Trust Company, N.A. Its services range from investment management and financial planning to trust administration and retirement solutions.

In short, Hightower sits at the center of its clients’ financial lives. The data it holds is not trivial, and a breach of its systems carries serious real-world consequences.

What Happened in the Hightower Holding Data Breach?

On January 9, 2026, Hightower Holding discovered that a user account within its systems had been compromised, leading to unauthorized access. The company launched an investigation with the help of third-party cybersecurity and digital forensic specialists. That investigation confirmed that between January 8 and January 9, 2026, files containing sensitive personal information were downloaded without authorization.

The attack appears to have been carried out through a stolen or compromised account credential, one of the most common methods criminals use to bypass corporate security. According to the Verizon 2025 Data Breach Investigations Report, 60 percent of data breaches involve a human element such as phishing or stolen login credentials.

Affected individuals were not notified until March 23, 2026, more than two and a half months after the unauthorized downloads occurred.

How Many People Were Affected?

The Hightower Holding data breach affected approximately 131,483 individuals across the United States. Hightower filed its breach notice with the Maine Attorney General’s Office, confirming that 1,557 Maine residents were among those impacted.

What Information Was Exposed?

Based on available breach notices and regulatory filings, the types of personal information exposed in the Hightower Advisors data breach include:

  • Full legal names and home addresses
  • Social Security numbers
  • Dates of birth
  • Financial account information
  • Investment account records

For clients of a wealth management firm, this combination is particularly dangerous. Someone with access to your Social Security number, date of birth, and financial account details has everything needed to attempt account takeovers, fraudulent wire transfers, or new lines of credit opened in your name.

Why the Hightower Data Breach Deserves Serious Attention

Victims of financial data theft commonly report fraudulent charges on bank and credit card accounts, unauthorized credit applications, government services ordered in their name, personal information appearing on the dark web, and a sharp increase in phishing texts, calls, and emails.

The two and a half month delay between the breach and the consumer notifications is also significant. That gap gave bad actors a head start, and it raises legitimate questions about whether Hightower acted quickly enough to protect the people whose data it was entrusted to keep safe.

What Should You Do Right Now?

If you received a Hightower Holding data breach notification letter, do not wait to take action. Here are steps to take immediately:

  • Place a fraud alert or credit freeze with all three major credit bureaus: Equifax, Experian, and TransUnion
  • Review all financial and investment account statements for any transactions you do not recognize
  • Change passwords on any accounts connected to Hightower or linked financial platforms
  • Enable two-factor authentication on your financial accounts
  • Stay alert for phishing emails or phone calls that reference Hightower, your investment accounts, or the breach by name
  • Enroll in any free credit monitoring services Hightower offers, but understand that one year of monitoring is not a complete solution

A Social Security number does not expire. The risk created by the Hightower Holding data breach can persist for years, and the protective steps you take now matter.

Can You Sue Hightower for the Data Breach?

Yes. Companies that hold sensitive financial data have a legal duty to protect it, and when that protection fails due to inadequate security practices, affected individuals may have the right to pursue compensation through a data breach lawsuit or class action.

How The Lyon Firm Can Help

The Lyon Firm has extensive experience representing victims of large-scale data breaches and financial privacy violations. Our attorneys know how to hold wealth management companies and financial institutions accountable when their security failures put clients at risk. We have the knowledge, resources, and track record to pursue these cases on behalf of individuals who trusted these companies with their most sensitive information.

If you received a notification letter about the Hightower Holding data breach or the Hightower Advisors data breach, contact The Lyon Firm today for a free, confidential consultation. We work on a contingency basis, which means there is no fee unless we recover compensation for you. Do not wait. The sooner you reach out, the more options you will have.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.

Frequently Asked Questions

What is the Hightower Holding data breach? The Hightower Holding data breach is a 2026 cybersecurity incident in which an unauthorized party accessed and downloaded sensitive personal and financial information. The breach occurred on January 8 and 9, 2026, and affected clients of Hightower Holding, Hightower Advisors, Hightower Securities, and Hightower Trust Company.

Who was affected by the Hightower Holding data breach? Anyone who received a written notification letter from Hightower Holding or its subsidiaries on or around March 23, 2026 was affected. The breach impacted approximately 131,483 individuals across the United States.

What information was stolen in the Hightower data breach? The exposed data may include full names, home addresses, Social Security numbers, dates of birth, financial account information, and investment records.

How do I find out if I was part of the Hightower Holding data breach? Hightower mailed written notification letters to affected individuals beginning March 23, 2026. If you received such a letter, your information was involved. You can also contact Hightower directly or consult a data breach attorney for guidance.

What should I do if I got a Hightower data breach notification letter? Place a credit freeze with all three major credit bureaus, monitor your financial accounts closely, change relevant passwords, enable two-factor authentication, and consult with a data breach attorney to understand your legal rights.