Dragonfly Digital Management Data Breach Exposes Sensitive Personal Information
On January 16, 2026, Dragonfly Digital Management, LLC a San Francisco-based venture capital and private equity firm specializing in the crypto industry detected a data security incident. The company, registered with the U.S. Securities and Exchange Commission, engaged legal counsel and cybersecurity firm CrowdStrike to investigate.
While no funds were lost, an unauthorized individual accessed personally identifiable information (PII) collected during routine business operations, including due diligence and compliance checks. The breach impacted limited partners, business partners, and shareholders, though Dragonfly reported no evidence of unauthorized access to custodians, exchanges, or bank accounts.
Exposed data included:
- Driver’s licenses and passport copies
- Social Security numbers
- Bank and financial account numbers
- Taxpayer identification numbers
- Email addresses, names, phone numbers, and physical addresses
Dragonfly Digital Management has notified affected individuals, and class action law firm Shamis & Gentile P.A. is investigating potential compensation claims for those impacted. The incident highlights ongoing risks in the financial and crypto sectors, where sensitive compliance data remains a prime target for cyber threats.
Source: https://www.claimdepot.com/investigations/dragonfly-digital-data-breach-2026
Dragonfly Asset Management cybersecurity rating report: https://www.rankiteo.com/company/dragonfly-asset-management
"id": "DRA1776205993",
"linkid": "dragonfly-asset-management",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Limited partners, business '
'partners, and shareholders',
'industry': 'Crypto/Financial Services',
'location': 'San Francisco, USA',
'name': 'Dragonfly Digital Management, LLC',
'type': 'Venture Capital and Private Equity Firm'}],
'customer_advisories': 'Notified affected individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Driver’s licenses and passport '
'copies',
'Social Security numbers',
'Bank and financial account '
'numbers',
'Taxpayer identification numbers',
'Email addresses',
'Names',
'Phone numbers',
'Physical addresses']},
'date_detected': '2026-01-16',
'description': 'On January 16, 2026, Dragonfly Digital Management, LLC '
'detected a data security incident where an unauthorized '
'individual accessed personally identifiable information (PII) '
'collected during routine business operations, including due '
'diligence and compliance checks. The breach impacted limited '
'partners, business partners, and shareholders, with no '
'evidence of unauthorized access to custodians, exchanges, or '
'bank accounts.',
'impact': {'data_compromised': 'Personally identifiable information (PII)',
'financial_loss': 'No funds lost',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims being '
'investigated by Shamis & Gentile P.A.',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Dragonfly Digital Management Incident Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Shamis & Gentile P.A.'},
'response': {'communication_strategy': 'Notified affected individuals',
'third_party_assistance': 'CrowdStrike'},
'title': 'Dragonfly Digital Management Data Breach Exposes Sensitive Personal '
'Information',
'type': 'Data Breach'}