What should I do if I was affected by a data breach?

If you were affected by a data breach, you should immediately monitor your financial accounts, place a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion), change passwords for affected accounts, and consult a data breach lawyer to understand your legal rights and potential compensation options. Act quickly — statutes of limitations apply.

Can I receive financial compensation after a data breach?

Yes. Victims of data breaches may be eligible for financial compensation through class action lawsuits or individual claims. Recoverable damages can include identity theft losses, out-of-pocket expenses, lost time, and compensation for the ongoing risk of future harm. A free consultation with a data breach attorney can help determine your eligibility.

How long do I have to file a data breach lawsuit?

Statutes of limitations for data breach claims vary by state, typically ranging from one to three years from the date you discovered — or reasonably should have discovered — the breach. In some states, the clock starts from the breach date itself. Contact a data breach lawyer as soon as possible to preserve your rights.

Cresset Capital Data Breach Exposes Sensitive Financial and Personal Information

What Happened in the Cresset Capital Data Breach?

According to Cresset Capital, the company discovered suspicious activity affecting its computer network on April 6, 2026. Following the discovery, the organization reportedly took immediate action to contain the incident and launched a forensic investigation with the assistance of external cybersecurity specialists.

The investigation later revealed that unauthorized access to certain sensitive information had occurred during the incident. Cresset Capital subsequently reported the breach to the California Attorney General. However, the total number of individuals impacted by the cybersecurity incident has not been publicly disclosed at this time.

Who was affected?

The breach may affect individuals whose personal or financial information was stored within Cresset Capital’s systems at the time of the cybersecurity incident.

Individuals who received a notification letter from Cresset Capital should carefully review the notice to understand what specific information may have been exposed and what protective services may be available to them.

What Information Was Exposed?

The information potentially exposed in the Cresset Capital data breach may include:

Full names
Contact information
Dates of birth
Social Security numbers
Driver’s license numbers
Passport numbers
Financial account information

The specific information exposed may vary depending on the individual.

How Did Cresset Capital Respond?

Following the discovery of the incident, Cresset Capital stated that it activated incident response protocols, contained the unauthorized activity, and engaged cybersecurity professionals to investigate the matter.

The company is also reportedly offering eligible individuals complimentary access to Experian IdentityWorks Credit Plus 3B identity protection services for two years. According to the notification, the service reportedly includes:

Credit monitoring across all three major credit bureaus
Dark web monitoring
Identity restoration support
Up to $1 million in identity theft insurance

Affected individuals can reportedly enroll using instructions included in their notification letter.

What Should Affected Individuals Do?

Monitor Financial Accounts and Credit Reports

Affected individuals should regularly review financial statements, banking activity, and credit reports for suspicious transactions or unauthorized activity.

Consumers can request free credit reports through:

AnnualCreditReport.com

Consider a Fraud Alert or Credit Freeze

Because Social Security numbers and financial account information may have been exposed, individuals may want to place a fraud alert or security freeze with the major credit reporting agencies.

Major credit bureaus include:

Equifax
Experian
TransUnion

Watch for Phishing Attempts and Financial Scams

Cybercriminals frequently use information obtained during data breaches to conduct phishing attacks and financial scams through fraudulent emails, text messages, and phone calls.

Affected individuals should remain cautious when responding to unsolicited communications requesting sensitive information.

Find a Data Breach Lawyer

Links for official notification letter

California Attorney General