Cresset Capital Management Data Breach Exposes Sensitive Client Information
Cresset Capital Management, a U.S.-based private wealth management firm founded in 2017, confirmed a data breach after detecting suspicious activity within its network on April 6, 2026. The company initiated incident response protocols, contained the threat, and engaged third-party cybersecurity experts to investigate.
The investigation revealed that unauthorized access had compromised sensitive client data, including names, contact details, dates of birth, Social Security numbers, driver’s license and passport numbers, and financial account information.
Class action law firm Shamis & Gentile P.A. is now investigating the breach on behalf of affected individuals, citing potential violations of data protection laws. Those impacted may be eligible for compensation as legal claims are being evaluated. The breach underscores the ongoing risks to financial institutions handling high-value personal and financial data.
Source: https://www.claimdepot.com/investigations/cresset-capital-data-breach-2026
Cresset cybersecurity rating report: https://www.rankiteo.com/company/cresset-capital
"id": "CRE1778870024",
"linkid": "cresset-capital",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'U.S.',
'name': 'Cresset Capital Management',
'type': 'Private Wealth Management Firm'}],
'data_breach': {'personally_identifiable_information': ['Names',
'Contact details',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Passport numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Financial Account Information']},
'date_detected': '2026-04-06',
'description': 'Cresset Capital Management, a U.S.-based private wealth '
'management firm, confirmed a data breach after detecting '
'suspicious activity within its network on April 6, 2026. The '
'investigation revealed unauthorized access had compromised '
'sensitive client data, including names, contact details, '
'dates of birth, Social Security numbers, driver’s license and '
'passport numbers, and financial account information.',
'impact': {'data_compromised': 'Sensitive client data, including names, '
'contact details, dates of birth, Social '
'Security numbers, driver’s license and '
'passport numbers, and financial account '
'information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential violations of data protection laws',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Class action law firm Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Shamis & Gentile P.A.',
'regulations_violated': ['Data protection laws']},
'response': {'containment_measures': 'Contained the threat',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Engaged third-party cybersecurity '
'experts'},
'title': 'Cresset Capital Management Data Breach Exposes Sensitive Client '
'Information',
'type': 'Data Breach'}