Eisen, Inc. Data Breach Exposes Sensitive Financial Records in Social Engineering Attack
Eisen, Inc., a New York-based financial services firm specializing in AI-driven regulatory technology, disclosed a data breach stemming from a December 12, 2025, social engineering attack. The company, which serves banks, brokerages, and digital asset exchanges, fell victim when a threat actor impersonated the California State Controller’s Office and requested unclaimed property compliance records. An employee, believing the request to be legitimate, granted access to the file before Eisen identified the fraud and contained the incident.
The breach compromised sensitive personal data processed by Eisen on behalf of its clients, including names, mailing and email addresses, Social Security numbers, dates of birth, and unclaimed property balances. Eisen filed a notice with the California Attorney General on June 24, 2026, detailing the exposure. The incident has prompted legal investigations, with class action law firm Shamis & Gentile P.A. reviewing potential compensation claims for affected individuals. Eisen’s clients and their customers may be among those impacted.
Source: https://www.claimdepot.com/investigations/eisen-inc-data-breach-2026
Eisen, Inc. TPRM report: https://www.rankiteo.com/company/eisen-belize
"id": "eis1782448020",
"linkid": "eisen-belize",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Clients and their customers',
'industry': 'Regulatory Technology (RegTech)',
'location': 'New York, USA',
'name': 'Eisen, Inc.',
'type': 'Financial Services Firm'}],
'attack_vector': 'Social Engineering',
'data_breach': {'personally_identifiable_information': 'Names, mailing and '
'email addresses, '
'Social Security '
'numbers, dates of '
'birth',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII), Financial '
'Records'},
'date_detected': '2025-12-12',
'date_publicly_disclosed': '2026-06-24',
'description': 'Eisen, Inc., a New York-based financial services firm '
'specializing in AI-driven regulatory technology, disclosed a '
'data breach stemming from a December 12, 2025, social '
'engineering attack. The company fell victim when a threat '
'actor impersonated the California State Controller’s Office '
'and requested unclaimed property compliance records. An '
'employee granted access to the file before Eisen identified '
'the fraud and contained the incident. The breach compromised '
'sensitive personal data processed by Eisen on behalf of its '
'clients, including names, mailing and email addresses, Social '
'Security numbers, dates of birth, and unclaimed property '
'balances.',
'impact': {'data_compromised': 'Sensitive personal data including names, '
'mailing and email addresses, Social Security '
'numbers, dates of birth, and unclaimed '
'property balances',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuits'},
'post_incident_analysis': {'root_causes': 'Social engineering attack '
'impersonating a government agency'},
'references': [{'source': 'California Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Class action law firm Shamis & '
'Gentile P.A. reviewing potential '
'compensation claims',
'regulatory_notifications': 'Filed notice with the '
'California Attorney '
'General'},
'response': {'communication_strategy': 'Filed notice with the California '
'Attorney General',
'containment_measures': 'Incident contained after fraud was '
'identified'},
'title': 'Eisen, Inc. Data Breach Exposes Sensitive Financial Records in '
'Social Engineering Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}