What Happened
On February 16, 2026, the cybercrime group ShinyHunters breached Mercer Advisors, a major U.S. investment advisory firm managing approximately $92 billion in assets, claiming to have stolen approximately 5 million records containing personally identifiable information and internal corporate data. The attackers allegedly used voice phishing (vishing) techniques to obtain single sign-on credentials from Okta, Microsoft, and Google services, and the stolen data included sensitive information such as Social Security numbers, birthdates, and email addresses. ShinyHunters posted a threat on February 21, 2026, demanding contact within 48 hours (by February 18) before threatening to leak the data on the dark web. Mercer Advisors confirmed the incident, stating that they “secured the affected environment and launched an investigation” and that “the activity has been contained and limited in scope,” though their investigation remained ongoing.
