ShinyHunters Leaks Millions of Records from Top US Investment Firms in Extortion Attack
Last week, the notorious cybercriminal group ShinyHunters dumped 5.7 million records tied to two major U.S. investment advisory firms, Mercer Advisors and Beacon Pointe Advisors, after issuing a 48-hour ultimatum and failing to secure a ransom payment. The leaked data, posted on the dark web, includes client contracts, personally identifiable information (PII), and internal documents, raising concerns over potential identity theft and financial fraud.
Key Details of the Breach
- Victims: Mercer Advisors (Denver-based, managing $92 billion in assets) and Beacon Pointe Advisors (Newport Beach-based, managing $62 billion), both ranked among Barron’s top RIAs.
- Attacker: ShinyHunters, a well-known extortion group linked to high-profile breaches, including Canada Goose, Hinge, and Match.com.
- Data Exposed:
  - Mercer Advisors: 5GB of records, including client contracts and PII.
  - Beacon Pointe Advisors: 60GB of data, though researchers noted some records may be duplicates.
- Timeline: The breach occurred between May 15 and May 16, 2025, with the data leak following a failed extortion attempt.
Previous Incidents & Law Enforcement Action
Mercer Advisors had previously disclosed a 2025 breach tied to its acquisition of Tufton Capital, affecting 661 individuals. Meanwhile, French authorities arrested four alleged ShinyHunters members on June 25, 2025, though the group’s operations appear ongoing.
Impact & Unanswered Questions
While the firms have not confirmed the breach, researchers verified the authenticity of the leaked data. The incident underscores the growing threat of extortion-driven attacks on financial institutions, where cybercriminals leverage stolen data to pressure victims into paying ransoms or face public exposure.
ShinyHunters’ latest attack reinforces its reputation as a high-impact threat actor, targeting elite firms with vast troves of sensitive client information. The full extent of the breach’s fallout remains unclear as investigations continue.
Source: https://cybernews.com/security/shinyhunters-mercer-beacon-data-breach/
Mercer Advisors TPRM report: https://www.rankiteo.com/company/mercer-advisors
Beacon Pointe Advisors TPRM report: https://www.rankiteo.com/company/beacon-pointe-ria