Vanguard Data Breach Exposes Social Security Numbers

On Feb. 11, 2026, The Vanguard Group, disclosed a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation, alerting regulators that sensitive consumer information had been compromised.

According to the disclosure, the breach affected at least one individual in Massachusetts, but the scale of the incident may be broader given Vanguard’s extensive client base.

The exposed data included social security numbers, which are considered highly sensitive personally identifiable information (PII). Current public disclosures do not report any additional types of information being compromised.

The breach notification did not specify how the data was accessed or whether the incident was due to an external cyberattack, insider threat, or another cause.

Vanguard's response

In response to the breach, Vanguard has notified affected individuals and relevant regulatory authorities as required by law.

Affected individuals should remain vigilant for signs of identity theft or fraud, such as unexpected credit report activity or unsolicited communications regarding financial accounts.

It is recommended that anyone who receives a breach notification from Vanguard take the following steps:

• Review the notice carefully and follow any instructions provided
• Consider placing a fraud alert or credit freeze with the major credit bureaus
• Monitor personal financial accounts for unusual activity
• Obtain a free credit report to check for unauthorized accounts or inquiries
• Report any suspicious activity to authorities promptly