Hightower Holding Data Breach Affects 131,483 Clients: PII Exposed

Hightower Holding LLC, a Chicago-based financial services company and parent of the wealth management firm Hightower Advisors, disclosed a data breach that affected approximately 131,483 individuals in the United States, including 1,557 Maine residents.

Hightower Holding and its subsidiaries, including Hightower Securities LLC and Hightower Trust Company N.A., provide investment, financial and retirement planning services to individuals, foundations, family offices and corporations.

The company discovered the breach on March 12, 2026,

The company reported the breach to the Maine Attorney General on March 23, 2026, and began sending written notices to affected individuals on the same day.

What happened in the Hightower Holding data breach

The breach began when an unauthorized party gained access to the company's computer systems through a compromised user account. The unauthorized access occurred between Jan. 8, 2026, and Jan. 9, 2026. During that period, certain files stored within the company's network were downloaded without authorization.

Hightower Holding first became aware of the compromised account on Jan. 9, 2026, according to the notification. The company initiated a comprehensive investigation to determine the full nature and scope of the event, with the assistance of third-party cybersecurity and digital forensic specialists.

The investigation confirmed that files containing sensitive personal information had been downloaded during the period of unauthorized access.

After identifying which files were affected, the company brought in additional third-party data review specialists to conduct a review of the file contents. The review determined which individuals had personal information in the compromised files and what specific types of data were involved.

The types of personal information exposed in the breach included names, Social Security numbers and driver's license numbers.

Hightower Holding's response to the breach

In its notice, the company stated that the incident "was not due to a deficiency in the Company's environment, but rather as a result of compromised user credentials." Hightower Holding said it has since undertaken additional measures to further strengthen its cybersecurity posture, including with respect to credentialed users.

Given the sensitive nature of the information involved, the company is offering affected individuals 12 months of free single-bureau credit monitoring and fraud assistance through Cyberscout, a TransUnion company. Individuals can enroll at no cost by visiting the Cyberscout enrollment page and entering the unique code included in their notification letter.

Enrollment must be completed within 90 days of the date of the letter. The company noted that it is unable to enroll individuals on their behalf.

The company has also set up a dedicated assistance line for individuals with questions about the incident. The line is available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding major U.S. holidays. The phone number is included in each individual's notification letter.

The notification to consumers included guidance on how to protect against identity theft and fraud, including information about fraud alerts, credit freezes and how to obtain free credit reports.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax at 1-888-298-0045, Experian at 1-888-397-3742 and TransUnion at 1-833-799-5355.
• Monitor credit reports regularly by requesting free reports at AnnualCreditReport.com and reviewing them for unfamiliar accounts over the next 12 to 24 months.
• Review financial account statements carefully for any unauthorized transactions, unfamiliar charges or unexpected changes to bank, brokerage, investment and retirement accounts.
• Be cautious of phishing attempts that reference Hightower Holding, Hightower Advisors or this breach by name, as scammers may use such details to make fake communications seem legitimate.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and file a report with local law enforcement if needed.
• Review credit reporting rights through the Consumer Financial Protection Bureau's summary of consumer protections under the Fair Credit Reporting Act, which outlines rights related to credit report accuracy and identity theft.