Hightower Faces Class Action Suit Over Client Data Breach

What happened

Hightower faces class action suit over client data breach after a lawsuit filed in Illinois federal court alleged the firm failed to properly secure and safeguard client information exposed in a breach disclosed earlier this month. The suit was filed by Elliott Adams, who claims he is a former employee of Hightower. According to the complaint and a breach notification filed with the Maine attorney general, the breach occurred around January 8, 2026 and affected about 131,483 individuals. The lawsuit states that accessed information included names, Social Security numbers, and driver’s license numbers. On March 23, Hightower disclosed the breach to customers, said it posed “a present, continuing and significant risk of identity theft,” and offered credit monitoring and proactive fraud assistance services. Hightower declined to comment. 

Who is affected

The direct exposure affects approximately 131,483 individuals whose information was involved in the Hightower breach. According to the lawsuit, the accessed data included names, Social Security numbers, and driver’s license numbers, creating direct exposure for affected clients and class members. 

Why CISOs should care

This incident has immediate governance and legal relevance because the cyber incident has already triggered a federal class action focused on how Hightower protected client information. It also shows how breach response now extends beyond notification into litigation, customer remediation, and ongoing fraud-risk management. 

3 practical actions

1. Tighten litigation-ready breach documentation: Ensure incident response records clearly show what data was accessed, when the organization learned of the breach, and what remediation steps were offered to affected individuals. 
2. Pressure-test protection of regulated personal data: Reassess how sensitive customer information such as names, Social Security numbers, and driver’s license numbers is secured across systems and workflows. 
3. Align customer response with legal exposure: Treat credit monitoring, fraud assistance, and customer communications as part of a broader response that may quickly become central to legal claims after a breach. 

For more coverage of major security incidents affecting organizations worldwide, explore our reporting on Data Breaches.