Hightower Holding, the parent company of financial management services provider Hightower Advisors, is notifying over 130,000 individuals of a data breach.
Operating as a holding company, Hightower Holding provides financial management, retirement planning, wealth and investment advisory, and other services through subsidiaries such as Hightower Advisors, Hightower Securities, and Hightower Trust Company.
In a written notification letter sent to the impacted individuals this week, the company revealed that it fell victim to a cyberattack in early January 2026, and that the hackers exfiltrated certain files from its environment between January 8 and 9.
Hightower says it reviewed the stolen files together with third-party specialists, determining that they contained personal information such as names, Social Security numbers, and driver’s license numbers.
The data breach, it said, was the result of compromised user credentials, and not a deficiency in its environment.
“Please note that we have no indication that your information has been used to commit identity theft or fraud in relation to this event,” Hightower told the impacted individuals.
This week, the company notified the Maine Attorney General’s Office that 131,483 people were affected by the incident.
Hightower is providing the impacted individuals with 12 months of free identity theft and credit monitoring services.
Hightower Holding has not shared details on the threat actor responsible for the attack. SecurityWeek has not seen any known extortion groups claiming responsibility for the incident.
Related: 3.1 Million Impacted by QualDerm Data Breach
Related: Navia Data Breach Impacts 2.7 Million
Related: Marquis Data Breach Affects 672,000 Individuals
Related: Security Firm Aura Discloses Data Breach Impacting 900,000 Records
