ShinyHunters Extortion Gang Targets Two Major U.S. Investment Advisors
The notorious cybercrime group ShinyHunters has claimed responsibility for breaching two high-profile U.S. investment advisory firms Mercer Advisors and Beacon Pointe Advisors threatening to leak millions of sensitive client records unless paid by February 18, 2026. The attackers allege they stole 5 million records from Mercer Advisors and over 100,000 from Beacon Pointe, including personally identifiable information (PII) and internal corporate data.
Beacon Pointe Advisors, headquartered in Newport Beach, California, is the largest female-led independent registered investment advisor (RIA) in the U.S., managing $62 billion in assets and employing over 600 people. It ranked #7 on Barron’s Top 100 RIA list in 2025 and received investment from private equity firm Kohlberg Kravis Roberts & Co. in 2021. Mercer Advisors, based in Denver, oversees $92 billion in assets with a workforce of 1,500, topping Barron’s list in 2024 and 2025.
The extortion attempt follows a pattern of pressure tactics, with ShinyHunters warning of "annoying (digital) problems" if demands are ignored. The group, linked to multiple high-profile breaches including a 2024 attack on a French cryptocurrency tax platform has a history of targeting enterprise cloud services and customer databases. In June 2025, French authorities arrested four alleged members of the gang, though its operations appear to continue.
Mercer Advisors previously disclosed a 2025 data breach tied to its April 30 acquisition of Tufton Capital, affecting 661 individuals after unauthorized access between May 15–16, 2025. It remains unclear whether the current incident is connected to that breach, though cybercriminals often resurface old data.
Neither firm has publicly confirmed the breach, and no data samples have been provided to verify ShinyHunters’ claims. If true, the incident could trigger regulatory scrutiny and reputational damage for the firms. ShinyHunters’ ultimatum underscores the persistent threat of extortion-driven cyberattacks in the financial sector.
Source: https://cybernews.com/security/shinyhunters-mercer-beacon-ria-breach/
Mercer Advisors TPRM report: https://www.rankiteo.com/company/mercer-advisors
Beacon Pointe Advisors TPRM report: https://www.rankiteo.com/company/beacon-pointe-ria
"id": "beamer1771339383",
"linkid": "beacon-pointe-ria, mercer-advisors",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5 million records allegedly '
'stolen',
'industry': 'Financial Services',
'location': 'Denver, U.S.',
'name': 'Mercer Advisors',
'size': '1,500 employees, $92 billion in assets',
'type': 'Investment Advisory Firm'},
{'customers_affected': 'Over 100,000 records allegedly '
'stolen',
'industry': 'Financial Services',
'location': 'Newport Beach, California, U.S.',
'name': 'Beacon Pointe Advisors',
'size': '600 employees, $62 billion in assets',
'type': 'Investment Advisory Firm'}],
'attack_vector': 'Unknown (likely cloud services or customer databases)',
'data_breach': {'data_exfiltration': 'Alleged (threatened to leak)',
'number_of_records_exposed': '5,100,000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Internal corporate data']},
'description': 'The notorious cybercrime group ShinyHunters has claimed '
'responsibility for breaching two high-profile U.S. investment '
'advisory firms Mercer Advisors and Beacon Pointe Advisors, '
'threatening to leak millions of sensitive client records '
'unless paid by February 18, 2026. The attackers allege they '
'stole 5 million records from Mercer Advisors and over 100,000 '
'from Beacon Pointe, including personally identifiable '
'information (PII) and internal corporate data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': '5 million records (Mercer Advisors), over '
'100,000 records (Beacon Pointe)',
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': 'Potential regulatory scrutiny'},
'investigation_status': 'Ongoing (unconfirmed claims)',
'motivation': 'Financial gain (extortion)',
'ransomware': {'data_exfiltration': 'Alleged',
'ransom_demanded': 'Unknown (extortion demand by February 18, '
'2026)'},
'references': [{'source': 'Cyber Incident Description'}],
'threat_actor': 'ShinyHunters',
'title': 'ShinyHunters Extortion Gang Targets Two Major U.S. Investment '
'Advisors',
'type': 'Extortion'}