Mark Leyden and Associates Data Breach Investigation

When you trust a wealth management firm with your financial life, you expect them to protect more than just your money. You expect them to protect your identity. For clients of Mark Leyden and Associates LLC, an Indianapolis-based financial advisory firm, that trust may have been broken.

Mark Leyden and Associates disclosed a data breach allegedly involving unauthorized access to a company email account. The company discovered the breach on February 23, 2026, and began notifying affected individuals on March 24, 2026. The unauthorized access occurred over a period of approximately six months, between May and October of 2025. Contact our data breach lawyers to learn more. 

What Was Exposed

The compromised information included names, Social Security numbers, driver’s license numbers, and financial information. For clients of a wealth management firm, that combination is about as serious as a data breach gets. Social Security numbers open the door to new credit accounts, tax fraud, and identity theft that can take years to untangle. Financial account information can be used to drain accounts or commit wire fraud. Driver’s license numbers are used to establish false identities.

The breach, which occurred between January 17, 2025, and October 27, 2025, was the result of external hacking and has raised serious concerns about personal data security and the potential for identity theft among those affected.

Why The Mark Leyden Breach Raises Serious Legal Questions

Financial advisory firms are not ordinary businesses when it comes to data security. They are entrusted with some of the most sensitive personal and financial information people possess. Federal regulations, including those enforced by the Securities and Exchange Commission and the Federal Trade Commission’s Safeguards Rule, require financial firms to maintain robust data security programs, identify risks to client information, and respond quickly when a breach occurs.

When a company’s email system is compromised for six months without detection, it raises immediate questions about what security measures were actually in place. Was multi-factor authentication enabled? Were employees trained to recognize phishing attempts? Were systems being monitored for unusual access? The answers to those questions will matter a great deal in any legal proceeding that follows.

A new report from the Identity Theft Resource Center found that data compromises in 2025 reached a record high of 3,322 incidents, a five percent increase from 2024, with analysts noting that bad actors are becoming more sophisticated in targeting organizations that hold sensitive personal data. Financial firms remain a prime target precisely because the data they hold is so valuable.

What Victims Should Do Right Now

If you received a notification letter from Mark Leyden and Associates, do not wait to act. Steps to take immediately include:

• Place a credit freeze with all three major bureaus, Equifax, Experian, and TransUnion, to prevent new accounts from being opened in your name
• Set up fraud alerts so creditors must verify your identity before extending new credit
• Review your credit reports carefully for any unfamiliar accounts or inquiries
• Monitor your financial accounts closely for unauthorized transactions
• Keep a record of any suspicious activity, costs, or time spent dealing with identity theft issues

These steps help protect you, and they also help document your damages if you pursue legal action.

Why Victims Choose The Lyon Firm

Data breach victims deserve more than a free year of credit monitoring. When a financial firm fails to protect your most sensitive information, you have the right to hold them accountable. The Lyon Firm represents data breach victims nationwide, handling cases against companies of all sizes that fail to meet their legal obligation to protect client data.

Our attorneys understand the federal and state regulations that govern data security at financial firms, and we know how to build a case that gets results. We handle data breach cases on a contingency basis, meaning you pay nothing unless we recover for you. Contact The Lyon Firm today for a free, confidential consultation.