Hennessy Advisors Data Breach Impacts 12k: SSNs Exposed

On Feb. 5, 2026, Hennessy Advisors, a publicly traded investment management firm, identified unauthorized access to personal information related to investors in the Hennessy Funds. The breach affected a total of 12,643 individuals in the United States, including 729 Texas residents, 346 Massachusetts residents, 147 Indiana residents, and 48 Maine residents.

The company first discovered suspicious activity on its systems on March 30, 2025, which led to an investigation. However, it was not until late December 2025 that Hennessy Advisors confirmed that personal information had been accessed and released without authorization.

The breach was the result of unauthorized access to certain systems and data, but there is no public indication of who was responsible for the incident or whether it was caused by external threat actors or internal vulnerabilities.

The information exposed in this breach included personally identifiable information (PII) such as names, Social Security numbers, driver's licenses, and financial account information such as account number, credit or debit card number.

The investigation for identifying affected individuals concluded by Feb. 5, 2026.

Starting on Feb. 24, 2026, the breach was formally disclosed to the attorneys general of California, Indiana, Maine, Texas, and Vermont, and the Massachusetts Office of Consumer Affairs and Business Regulation. All affected individuals were notified in writing on Feb. 23, 2026.

Hennessy Advisors' response

To assist those impacted, Hennessy Advisors is offering complimentary identity theft protection and credit monitoring services through IDX, a data breach and recovery services provider. The services include credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and fully managed identity theft recovery services.

Affected individuals are encouraged to enroll in these services by May 23, 2026, using the enrollment code provided in their notification letter.

Additionally, Hennessy Advisors recommends that all affected parties remain vigilant by reviewing account statements and credit reports for suspicious activity.

They also suggest placing a fraud alert or security freeze on credit files and provide detailed instructions and resources for doing so. The company’s notification letter outlines steps for obtaining free credit reports and contacting relevant authorities, including the Federal Trade Commission and state attorneys general.