Barron's top investment advisors threatened with 48-hour ultimatum "don't be the next headline”

Published: 17 February 2026
shinyhunters claims mercer advisors and beacon pointe advisors
Image by Cybernews

ShinyHunters, an infamous extortion gang, is giving two elite US investment advisors 48 hours before it dumps millions of allegedly sensitive client records online.

ShinyHunters has claimed responsibility for attacking two high-profile investment advisory firms – Mercer Advisors and Beacon Pointe Advisors. The extortion group is threatening to leak stolen data on the dark web unless contacted and paid.

“This is a final warning to reach out by February 18, 2026 before we leak, along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline,” the attackers wrote.

ADVERTISEMENT

As in most extortion cases, such threats are part of pressure tactics designed to force negotiations and muscle organizations into paying ransom.

So far, the companies have not issued a public statement about any cyber incident. Cybernews has reached out to both firms for confirmation, but has yet to receive a response.

ShinyHunters alleged breach of Mercer Advisors and Beacon Pointe Advisors
ShinyHunters alleged breach of Mercer Advisors and Beacon Pointe Advisors. Screenshot by Cybernews

What do the attackers claim to have stolen?

According to the gang’s post, the stolen data includes records with personally identifiable information and internal corporate data.

The attackers claim to have stolen 5 million records from Mercer Advisors and over 100,000 from Beacon Pointe Advisors.

Investment advisory firms handle large volumes of sensitive financial and personal information, including portfolio data, tax documents, and identity records. ShinyHunters has not provided any data samples to back up its claims, so it is not possible to independently verify what kind of data might be affected.

If confirmed, a breach affecting millions of records could trigger regulatory scrutiny and damage the firms’ reputations.

ADVERTISEMENT

Finance advisory heavyweights

Headquartered in Newport Beach, California, Beacon Pointe Advisors is the largest female-led independent registered investment advisor (RIA) in the United States. In 2021, the company attracted the attention of global private equity heavyweight Kohlberg Kravis Roberts & Co., which invested in the firm.

Beacon Pointe Advisors has around $62 billion in clients' assets and employs more than 600 people. It has been ranked #7 on Barron’s Top 100 RIA list in 2025.

Denver-based Mercer Advisors manages approximately $92 billion in assets and employs around 1,500 people. The firm topped Barron’s list in both 2024 and 2025.

Mercer Advisors was previously breached

One of Mercers’ previous acquisitions brought not only extra assets but also a data breach. The company had earlier disclosed a security incident tied to its April 30th, 2025, acquisition of Tufton Capital.

According to the notice submitted to the office of the Maine Attorney General’s office, before Tufton’s systems were fully integrated, suspicious activity was detected within a segment of its network.

The investigation determined that the data of 661 individuals were affected. The attackers managed to access a part of the network between May 15th and May 16th, 2025.

It is currently unclear whether the newly alleged breach is connected to that earlier incident. However, it is not uncommon for cybercriminals to resurface data from old breaches.

ADVERTISEMENT
Mercer Advisors breach notice
Screenshot of notice. Source: Maine Attorney General's office.

Who are ShinyHunters?

ShinyHunters is a well-known cybercrime and extortion gang, previously linked to multiple high-profile data theft campaigns. The gang is associated with last year’s Salesforce CRM data heist that targeted enterprise cloud services and customer databases.

In 2026, the gang has reportedly been behind an active voice phishing campaign aimed at stealing single sign-on (SSO) credentials for Okta, Microsoft, and Google accounts.

ShinyHunters was also attributed to a potential data breach at Waltio, a prominent French cryptocurrency tax filing platform, which the hackers controversially linked to kidnapping cases in France.

The gang has also claimed breaches at Bumble, Match Group, operating Hinge, Match, and OkCupid services, Crunchbase, and Panera Bread.

On June 25th, 2025, French authorities announced the arrest of four alleged members of ShinyHunters across multiple regions of France.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked