A dark web countdown is ticking for Pathstone Family Office after ShinyHunters claimed it stole 641,000 sensitive records from the elite wealth manager.

The cyber extortion group ShinyHunters claims it has breached the elite wealth management firm Pathstone Family Office and stolen more than 641,000 records packed with personally identifiable information and internal corporate data.

The ultimatum appeared on the leak site on the dark web, and according to the attackers, Pathstone has until the 2nd of March to respond, or the group will publicly release data, leaving the financial giant to deal with reputational damage.

Such threats are nothing new. They’re the most common pressure tactic that extortionists use to force companies to pay ransom.

So far, the attackers have not released any data samples to back their claims. However, past incidents suggest the group follows through on its threats. The gang has previously published stolen data when victims failed to meet its demands.

A high-stakes target

Founded in 2010, Pathstone operates 23 offices across a dozen states. The company serves more than 750 families with roughly $170 billion in aggregate assets.

Pathstone caters to ultra-high-net-worth families, single-family offices, foundations, and endowments. The firm maintains a $10 million investible asset minimum for new clients, with its full suite of services typically geared toward those holding $20 million or more in investible assets.

In 2025 alone, it landed at #8 on Financial Advisor Magazine’s Top RIA list, cracked #10 on Barron’s Top RIA Firms, and secured a spot in Forbes’ Top RIA Firms ranking, a triple crown of wealth world prestige.

What could be at risk?

If confirmed, exposure of internal documents and client-related data could create a layered risk. Financial advisory firms do not just store names and emails.

They hold contracts, legal paperwork, estate planning details, and sensitive financial structures. Even fragments of that information can be stitched together to commit fraud, impersonate others, or cause reputational harm.

“There is no sample yet. If the PII and internal corporate data are in the gang's hands, then it would be a possible risk of intellectual property exposure, loss of competitive advantage,” the Cybernews research team said.

“Fraud and social engineering risks are likely as well. However, it will all depend highly on the data. For now, we can only guess.”

Our researchers warn that because Pathstone serves ultra-wealthy clients who prize privacy above almost everything, the reputational fallout could be sharper than in a typical corporate breach.

“They might be perceived as incompetent or weak security-wise. For the people involved, this can also damage their public image and affect their personal or business standing,” our team noted.

Cybernews has contacted the company for confirmation, but has not yet received a response.

A broader campaign against financial giants

Pathstone is not alone in the crosshairs. In recent weeks, ShinyHunters also targeted Mercer Advisors and Beacon Pointe Advisors, two heavyweight US advisory firms. The group claimed it had accessed millions of internal records and threatened to expose them publicly unless its demands were met.

In this case, the threats escalated into action. The group ultimately published what it claimed was stolen data on the dark web.

Cybernews researchers who reviewed the alleged Mercer dataset reported that it contained deeply sensitive material, including full names, contact information, partial or full Social Security numbers, emergency contact details, contracts, and other legal documents tying together clients and investment firms.

The threat came from a threat actor that’s not exactly a newbie in the cyber underground. ShinyHunters has previously been linked to major data theft incidents involving Salesforce CRM, Bumble, Crunchbase, and Waltio. Recent activity suggests the group is accelerating the scale of its attacks.

---

Unlock more exclusive Cybernews content on YouTube.