.png)
FoxTrot Data Breach Compromises Social Security Numbers
FoxTrot LLC, a third-party service provider that offers software solutions for back-office operations, experienced a data breach in April 2026 that exposed the personal information of consumers. The breach affected individuals whose data was maintained by FoxTrot on behalf of Caldwell Sutter Capital Inc., a company headquartered in Sausalito, California.
Caldwell Sutter Capital disclosed the incident through a notification letter sent to affected individuals. According to the notification letter from Caldwell Sutter Capital, an unauthorized third party gained access to certain data maintained by FoxTrot on April 22, 2026.
FoxTrot notified Caldwell Sutter Capital of the data security incident one week later, on April 29, 2026. Upon receiving this notification, Caldwell Sutter Capital stated that it promptly began working with FoxTrot to understand the nature and scope of the incident. The company also worked to assess the impact on its data and to confirm that appropriate steps had been taken to contain and remediate the issue.
Caldwell Sutter Capital conducted a review to determine which types of information were involved for each affected individual. The types of personal information exposed in the breach included names, account numbers, financial account codes and Social Security numbers.
Additionally, an entity named Holly Lam filed a disclosure with the Nebraska Attorney General on May 29, 2026, detailing the incident. Not much information is publicly known about Holly Lam, although it is listed as a financial services/insurance organization type on the attorney general's website.
In the case of Holly Lam, the information types compromised included names, account numbers, and dates of birth.
Foxtrot's response to the breach
Foxtrot worked closely with the affected organizations to ensure the breach was contained. FoxTrot is additionally implementing more extensive controls and safeguards to its existing policies and procedures to help prevent similar incidents in the future.
Caldwell Sutter Capital is offering affected individuals 24 months of complimentary credit monitoring and identity protection services through Experian IdentityWorks.
Affected individuals can enroll in Experian IdentityWorks by visiting the Experian enrollment page and entering the activation code included in their notification letter. The enrollment deadline is Sept. 30, 2026. Identity restoration services are available for 24 months from the date of the notification letter and do not require any action to activate.
For questions about the Experian monitoring and restoration services, affected individuals can contact Experian's customer care team at 833-931-7577, Monday through Friday, 8 a.m. to 8 p.m. Central Time, excluding major U.S. holidays.
For additional questions about the breach itself, affected individuals can reach Caldwell Sutter Capital at 800-456-1119, Monday through Friday, 6 a.m. to 5 p.m. Pacific Time, excluding major U.S. holidays. They can also send an email to clientexperience@cald.com.
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)