U.S.-based wealth management firms Mercer Global Advisors and Beacon Pointe Advisors have become the latest financial advisory organizations linked to a cyber intrusion attributed to the hacking group known as ShinyHunters.
Cyber threat intelligence platforms observed that data allegedly connected to the firms was being circulated within underground cybercriminal communities. The threat actors behind the activity are known for breaching corporate systems and leveraging stolen information for financial extortion.
Security researchers monitoring dark web forums reported that the group claimed to have accessed internal databases containing client-related and operational records. While the authenticity and scope of the data are still under technical verification, the incident follows a pattern consistent with previous campaigns associated with the same hacking collective.
The attackers typically infiltrate database environments, extract structured datasets, and then attempt to pressure organizations by threatening public release or resale of the information. In similar past incidents, exposed material has included contact details, financial documentation, and internal corporate records.
Industry analysts note that wealth management firms represent attractive targets due to the volume of sensitive financial data they maintain. Unlike traditional banks, advisory firms often rely on interconnected vendor ecosystems and cloud-based platforms, which can expand potential attack surfaces if not tightly secured.
At this stage, cybersecurity investigations are ongoing to determine the method of intrusion and whether third-party systems may have been involved. Incident response efforts generally include forensic analysis, system integrity checks, and monitoring for signs of data misuse.
No official confirmation has been released regarding confirmed financial losses. However, security experts caution that exposure of advisory firm data can increase risks of targeted phishing campaigns, identity fraud attempts, and social engineering attacks directed at clients.
The incident reflects a broader trend in which financially motivated cybercriminal groups are shifting focus toward asset managers and advisory institutions as part of an expanding threat landscape in the financial services sector.