Eisen Inc. Discloses Data Breach Affecting Financial Institution Clients
Eisen Inc., a New York-based fintech company specializing in unclaimed property compliance and account offboarding services, reported a data breach that occurred on December 12, 2025. The company serves banks, brokerages, and digital asset exchanges across the U.S., acting as a third-party provider that stores sensitive personal data on behalf of its financial institution clients.
The breach stemmed from a social engineering attack, in which a threat actor impersonated the California State Controller’s Office the agency overseeing unclaimed property in the state. Posing as a legitimate government representative, the attacker requested a file containing unclaimed property compliance records, which an Eisen employee mistakenly provided. The company detected the fraudulent activity shortly after and initiated containment measures.
The exposed file contained highly sensitive personal information, including:
- Names
- Mailing and email addresses
- Social Security numbers
- Dates of birth
- Details about unclaimed property balances
Eisen reported the incident to the California Attorney General on June 24, 2026, and began mailing notification letters to affected individuals the same day.
In response, Eisen is offering 24 months of complimentary credit monitoring and identity theft restoration services through Experian IdentityWorks, including:
- A credit report at signup
- Daily monitoring of Experian credit files
- Access to identity restoration specialists
- $1 million in identity theft insurance
Affected individuals can enroll in the program until August 31, 2026, using an activation code provided in their notification letter. A dedicated assistance line (833-931-4422) is available for inquiries, operating Monday through Friday from 8 a.m. to 8 p.m. Central Time.
Source: https://www.claimdepot.com/data-breach/eisen-inc-2026
Eisen Inc. TPRM report: https://www.rankiteo.com/company/eisen
California State Controller’s Office TPRM report: https://www.rankiteo.com/company/california-teachers-association
"id": "eiscal1782427662",
"linkid": "eisen, california-teachers-association",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Banks, brokerages, and digital '
'asset exchanges across the U.S.',
'industry': 'Financial Services (Unclaimed Property '
'Compliance & Account Offboarding)',
'location': 'New York, USA',
'name': 'Eisen Inc.',
'type': 'Fintech Company'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Notification letters mailed to affected individuals '
'with details on complimentary credit monitoring '
'services and enrollment instructions',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Mailing addresses',
'Email addresses',
'Social Security numbers',
'Dates of birth',
'Unclaimed property balance '
'details']},
'date_detected': '2025-12-12',
'date_publicly_disclosed': '2026-06-24',
'description': 'Eisen Inc., a New York-based fintech company specializing in '
'unclaimed property compliance and account offboarding '
'services, reported a data breach stemming from a social '
'engineering attack. The threat actor impersonated the '
'California State Controller’s Office and obtained a file '
'containing highly sensitive personal information of financial '
'institution clients.',
'impact': {'data_compromised': 'Highly sensitive personal information '
'including names, mailing and email addresses, '
'Social Security numbers, dates of birth, and '
'unclaimed property balance details',
'identity_theft_risk': 'High'},
'post_incident_analysis': {'root_causes': 'Social engineering attack '
'impersonating a legitimate '
'government agency, employee error '
'in providing sensitive data'},
'references': [{'source': 'California Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Attorney General, notification '
'letters to affected individuals, '
'dedicated assistance line',
'containment_measures': 'Fraudulent activity detected and '
'contained shortly after the breach',
'remediation_measures': 'Notification letters mailed to affected '
'individuals, complimentary credit '
'monitoring and identity theft '
'restoration services offered',
'third_party_assistance': 'Experian IdentityWorks (credit '
'monitoring and identity theft '
'restoration services)'},
'title': 'Eisen Inc. Discloses Data Breach Affecting Financial Institution '
'Clients',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error (Employee Mistake)'}