Caldwell Sutter Capital and Inc.: Caldwell Sutter Capital Data Breach Investigation

Caldwell Sutter Capital and Inc.: Caldwell Sutter Capital Data Breach Investigation

Caldwell Sutter Capital Data Breach Exposes Sensitive Financial Information

Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a security incident involving Caldwell Sutter Capital, Inc., a hybrid broker-dealer and registered investment adviser based in Sausalito, California. The breach, linked to a third-party service provider, FoxTrot LLC, exposed the personally identifiable information (PII) of 663 individuals across the U.S., including residents of Maine, Massachusetts, and Vermont.

The unauthorized access occurred on April 22, 2026, between 4 and 8 p.m. Pacific Time, with Caldwell Sutter Capital receiving notification from FoxTrot on April 29, 2026. The company collaborated with FoxTrot to assess the impact, though the investigation remains ongoing. Affected individuals were formally notified via written notices on May 29, 2026.

Compromised data includes:

  • Names
  • Account numbers
  • Social Security numbers
  • Financial account details

Legal representatives are evaluating potential compensation claims for those impacted, citing consumer protection laws that may apply in cases of exposed sensitive information. The incident underscores the risks associated with third-party vendor vulnerabilities in financial services.

Source: https://www.claimdepot.com/investigations/caldwell-sutter-capital-data-breach-2026

Caldwell Sutter Capital, Inc. cybersecurity rating report: https://www.rankiteo.com/company/caldwell-sutter-capital-inc

"id": "CAL1781295922",
"linkid": "caldwell-sutter-capital-inc",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '663',
                        'industry': 'Financial Services',
                        'location': 'Sausalito, California, USA',
                        'name': 'Caldwell Sutter Capital, Inc.',
                        'type': 'Hybrid broker-dealer and registered '
                                'investment adviser'}],
 'attack_vector': 'Third-party vendor compromise',
 'customer_advisories': 'Written notices sent to affected individuals on May '
                        '29, 2026',
 'data_breach': {'number_of_records_exposed': '663',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Account numbers',
                                              'Social Security numbers',
                                              'Financial account details']},
 'date_detected': '2026-04-29',
 'date_publicly_disclosed': '2026-05-29',
 'description': 'Shamis & Gentile P.A. is investigating a security incident '
                'involving Caldwell Sutter Capital, Inc., a hybrid '
                'broker-dealer and registered investment adviser. The breach, '
                'linked to a third-party service provider, FoxTrot LLC, '
                'exposed the personally identifiable information (PII) of 663 '
                'individuals across the U.S. The unauthorized access occurred '
                'on April 22, 2026, and affected individuals were notified on '
                'May 29, 2026.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposed sensitive information',
            'data_compromised': 'Personally identifiable information (PII), '
                                'financial account details',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential compensation claims under consumer '
                                 'protection laws',
            'payment_information_risk': 'High'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Risks associated with third-party vendor vulnerabilities '
                    'in financial services',
 'post_incident_analysis': {'root_causes': 'Third-party vendor (FoxTrot LLC) '
                                           'compromise'},
 'references': [{'source': 'Shamis & Gentile P.A.'}],
 'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
                                            'under consumer protection laws'},
 'response': {'communication_strategy': 'Written notices to affected '
                                        'individuals on May 29, 2026',
              'third_party_assistance': 'FoxTrot LLC collaborated to assess '
                                        'the impact'},
 'title': 'Caldwell Sutter Capital Data Breach Exposes Sensitive Financial '
          'Information',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.