Pathstone.com 2026 Data Breach

Pathstone Family Office Wealth Management Breach (2026): Ultra-High-Net-Worth Client Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersCredential TheftFinancialEmail AddressFull NamePhone NumberPhysical Address
High SeverityWebsite / service breach

Pathstone Family Office Wealth Management Breach (2026): Ultra-High-Net-Worth Client Contact Records Exposed

Wealth management and advisory firm.

Verified by ObscureIQ Intelligence
61/100Breach Risk Index
14Data Value
60Market Recency
120dSince Breach

Breach Intelligence Summary

Entity: Pathstone.com · Actor: ShinyHunters · Sources: 2 references
Attack: Credential Theft
Profile: Financial institution · Wealth management and advisory services · Investment advisory firm · USA
Timeline: Breach (2026-02-27) · Year (2026)
Exposure: 48K records · 4 fields: Email Address, Full Name, Phone Number, Physical Address
Status: Confirmed

Executive Summary

In February 2026, the extortion group ShinyHunters claimed a breach of Pathstone Family Office, LLC, an ultra-high-net-worth wealth manager with about $170 billion in assets, alleging total exfiltration of its Salesforce environment and internal file systems (~15 GB compressed). The actor claimed roughly 641,000 records and detailed profiles of about 91,257 clients including financial intelligence, client contracts, legal paperwork, and estate-planning details, and set a March 2, 2026 ransom deadline. A DataBreach.com parse of circulating data confirmed contact-level identifiers (names, emails, phone numbers, street addresses) for about 48,246 individuals; the richer financial/estate data remains an actor claim not independently confirmed in circulation. Pathstone had not officially confirmed the incident as of the latest reporting.

ObscureIQ assessment: High risk of identity theft, account fraud, affluent-target targeting, and advisor impersonation. Wealth-management data is especially valuable because it signals significant assets and trusted financial relationships.

Breach Impact

Because inclusion in Pathstone’s data identifies someone as an ultra-high-net-worth client, exposure carries outsized risk of targeted spear-phishing, advisor impersonation, extortion, and even physical-security threats to wealthy families, beyond ordinary identity-theft concerns. ShinyHunters claims the stolen Salesforce dataset includes detailed client profiles with financial intelligence and estate-planning details, which if released would sharply amplify these risks.

About Pathstone.com

Pathstone Family Office, LLC is a large U.S. registered investment advisor and multi-family office serving ultra-high-net-worth individuals and families, operating at least 22 offices nationwide and overseeing more than $170 billion in assets. It aggregates highly sensitive financial, estate, tax, beneficiary, and contact information to manage assets and coordinate advisory work. (Not to be confused with the same-named behavioral-health nonprofit Pathstone Corporation.)

Why They Hold Your Data

Wealth-management firms collect highly sensitive investor identity, financial records, account data, beneficiary information, and advisory relationship records across planning and asset-management workflows.

Recent Developments

ShinyHunters listed Pathstone Family Office on its extortion site on February 27, 2026, with a March 2, 2026 ransom deadline, and later advertised a ~15 GB compressed Salesforce database for sale. Pathstone had not officially confirmed the incident as of the latest reporting; class-action investigations were opened. The attack is part of a wave of ShinyHunters Salesforce-targeted breaches of wealth-advisory firms (also naming Mercer Advisors and Beacon Pointe).

Data Points Exposed

4 verified field types
Email Address
Full Name High
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Highly targeted spear-phishing and advisor/wire-fraud impersonation against ultra-wealthy clients
  • Extortion leveraging affluent-client status and (claimed) financial/estate data
  • Physical-security and kidnapping-risk targeting of wealthy families via exposed addresses
  • Doxxing and property targeting from street-address exposure
  • Account takeover and social engineering using client contact and profile data
Threat vectors:
  • Ultra-HNW spear-phishing & advisor impersonation
  • Wire & investment fraud
  • Extortion & blackmail
  • Physical stalking, home targeting & personal-security risk
  • Name-based social engineering
  • Geolocation & property fraud
  • Account takeover

Threat Actor: ShinyHunters

ShinyHunters
Credential Theft

Attribution and method are based on available breach intelligence. Reported attack vector: Credential Theft.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Pathstone.com breach?

In February 2026, the extortion group ShinyHunters claimed a breach of Pathstone Family Office, LLC, an ultra-high-net-worth wealth manager with about $170 billion in assets, alleging total exfiltration of its Salesforce environment and internal file systems (~15 GB compressed). The actor claimed…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation