Empower Group Suffers Alleged Data Breach, Exposing Millions of Records
On April 16, 2026, New York-based financial services provider Empower Group reportedly fell victim to a data breach allegedly carried out by the threat actor DragonForce. The group claimed to have exfiltrated 316 GB of sensitive data, including 6,691,415 records containing Social Security numbers, names, addresses, phone numbers, email addresses, and dates of birth.
The breach was first detected by Ransomware.Live, a dark web monitoring platform, which published an indexed database of the compromised information. At the time of reporting, Empower Group had not confirmed the breach, leaving the full scope and impact unverified.
Legal teams, including those affiliated with ClassAction.org, are investigating the incident to determine whether a class action lawsuit can be filed on behalf of affected individuals including employees, investors, and clients. If successful, such a lawsuit could seek compensation for privacy violations, financial losses, and other damages resulting from the exposure.
The breach underscores growing risks for financial service providers handling sensitive personal and business data, though official confirmation and further details remain pending.
Source: https://www.classaction.org/data-breach-lawsuits/empower-group-april-2026
The Empower Group cybersecurity rating report: https://www.rankiteo.com/company/theempowergroup
"id": "THE1780007038",
"linkid": "theempowergroup",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6,691,415 records',
'industry': 'Financial Services',
'location': 'New York, USA',
'name': 'Empower Group',
'type': 'Financial Services Provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '6,691,415',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'names',
'addresses',
'phone numbers',
'email addresses',
'dates of birth']},
'date_detected': '2026-04-16',
'date_publicly_disclosed': '2026-04-16',
'description': 'On April 16, 2026, New York-based financial services provider '
'Empower Group reportedly fell victim to a data breach '
'allegedly carried out by the threat actor DragonForce. The '
'group claimed to have exfiltrated 316 GB of sensitive data, '
'including 6,691,415 records containing Social Security '
'numbers, names, addresses, phone numbers, email addresses, '
'and dates of birth. The breach was first detected by '
'Ransomware.Live, a dark web monitoring platform, which '
'published an indexed database of the compromised information. '
'At the time of reporting, Empower Group had not confirmed the '
'breach, leaving the full scope and impact unverified.',
'impact': {'data_compromised': '316 GB of sensitive data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit'},
'investigation_status': 'Unconfirmed',
'references': [{'date_accessed': '2026-04-16', 'source': 'Ransomware.Live'},
{'source': 'ClassAction.org'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'threat_actor': 'DragonForce',
'title': 'Empower Group Suffers Alleged Data Breach, Exposing Millions of '
'Records',
'type': 'Data Breach'}