What Happened
In February 2026, the cyber extortion group ShinyHunters claimed to have breached Pathstone Family Office (pathstone.com), a U.S.-based wealth management firm, by allegedly gaining unauthorized access to its network between December 1-2, 2024, and exfiltrating approximately 641,000 records (with some reports citing 1.15 million individuals affected or 15 GB of data from its Salesforce environment) containing sensitive personally identifiable information (PII) such as names, Social Security numbers, driver’s license numbers, dates of birth, addresses, and health-related data, alongside internal corporate documents including client financial profiles, contracts, estate planning details, and investment notes for over 91,000 high-net-worth clients managing $160 billion in assets. The group issued an ultimatum on its dark web leak site around February 27, 2026, demanding contact by March 2, 2026, to avoid public release, and following non-compliance, listed the data for sale by early March, part of a broader 2026 campaign targeting financial firms like Mercer Advisors via stolen OAuth tokens and vishing; Pathstone has not confirmed the breach, no data samples were initially released, and it prompted class action investigations over alleged security failures.
