Mark Leyden & Associates Data Breach: Financial Info & SSNs Exposed

Mark Leyden & Associates LLC, a wealth management and financial advisory firm based in Indianapolis, disclosed a data breach that involved unauthorized access to a company email account.

The company discovered the breach on Feb. 23, 2026, and began notifying affected consumers on March 24, 2026.

According to the respective state filings, one Maine resident, three Massachusetts residents, and two New Hampshire residents were identified as affected. The total number of affected individuals across the United States was not disclosed in the regulatory filings.

What happened in the Mark Leyden & Associates data breach

According to the company's notification letters sent to affected individuals, the breach involved unauthorized access to an email account at Mark Leyden & Associates. The unauthorized access occurred over a period of approximately six months, between May and October of 2025.

After detection of the unauthorized access, an investigation was conducted to determine the scope of the incident and identify what personal information may have been affected. On Feb. 18, 2026, the investigation determined that emails accessed during the incident contained personal information belonging to certain individuals.

The types of personal information exposed in the breach included names, Social Security numbers, driver's license numbers and financial account information. The specific combination of data exposed varied by individual.

Mark Leyden & Associates' response to the breach

Consumer notification letters were sent to affected individuals via U.S. First-Class mail. The notification letters also included detailed guidance on additional protective steps that affected individuals can take to safeguard their personal information.

Mark Leyden & Associates is offering affected individuals complimentary credit monitoring and identity theft protection services through IDX. Some individuals were offered a two-year membership while others were offered a one-year membership.

Affected individuals can enroll by visiting the IDX enrollment page and entering the unique enrollment code provided in their notification letter. The deadline to enroll is June 20, 2026.

The company has also established a dedicated toll-free call center for individuals who have questions about the breach. The call center can be reached at 1-833-788-9712 and is available Monday through Friday from 8 a.m. to 8 p.m. Central Time. Mark Leyden & Associates can also be reached by mail at 3815 River Crossing Parkway, Suite 100, Indianapolis, IN 46240, or by phone at 317-566-2191.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-888-378-4329), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent someone from opening new accounts using stolen personal information.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, new credit inquiries or other suspicious activity.
• Obtain an IRS Identity Protection PIN through the IRS website to prevent someone from filing a fraudulent tax return using a stolen Social Security number.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and consider filing a report with local law enforcement as well.
• Monitor bank and financial accounts closely for any unauthorized transactions, since financial account information was among the data exposed in this breach.
• Be cautious of phishing attempts that reference Mark Leyden & Associates or this data breach by name, as scammers may try to use breach notifications to trick people into sharing additional personal information.