What Happened in the Columbia Pacific Advisors Data Breach?
Columbia Pacific Advisors LLC has disclosed a data breach after an unauthorized third party gained access to certain systems within its network. The Seattle-based alternative investment management firm determined that sensitive information may have been viewed or taken without authorization during the cybersecurity incident.
According to the company’s investigation, the unauthorized access occurred on or about November 28, 2025. After discovering the incident, Columbia Pacific Advisors launched an investigation and reviewed the affected systems to determine whether sensitive personal information had been compromised.
The review of the potentially affected data was completed on or about June 2, 2026. The company subsequently posted a notice on its website and began notifying affected individuals by mail on or about June 12, 2026.
Who was affected?
Columbia Pacific Advisors reported that the incident affected residents in multiple states.
According to the company’s disclosures, the breach impacted:
- 1,585 Washington residents
- 9 Massachusetts residents
- 1 Vermont resident
A total of 1,595 individuals have been identified as affected based on the available regulatory disclosures.
What Information was taken?
According to Columbia Pacific Advisors, the following types of information may have been exposed:
- Names
- Social Security numbers
- Dates of birth
- Driver’s license numbers
- Passport numbers
- U.S. alien registration numbers
- Taxpayer identification numbers
- Financial account information
- Health insurance policy or ID numbers
- Medical information
- Usernames
- Passwords
- Security question answers
Because the incident involved both personal information and system access credentials, affected individuals may face an increased risk of identity theft, financial fraud, account compromise, and phishing attacks.
What Is Columbia Pacific Advisors Doing?
Following the cybersecurity incident, Columbia Pacific Advisors conducted an investigation and reviewed the affected data to determine which individuals required notification.
The company completed its review on or about June 2, 2026, posted a notice regarding the incident on its website, and began mailing notification letters to affected individuals on or about June 12, 2026.
Columbia Pacific Advisors is offering complimentary Experian IdentityWorks credit monitoring and identity restoration services to affected individuals.
The company has also established a dedicated assistance line that individuals can contact with questions about the incident.
What Should Affected Individuals Do?
Enroll in Free Credit Monitoring
Individuals who receive a notification letter should consider enrolling in the complimentary Experian IdentityWorks services.
Change Passwords
Because usernames, passwords, and security question answers may have been exposed, affected individuals should change passwords for any affected accounts and avoid reusing passwords across multiple services.
Monitor Financial Accounts
Regularly review bank statements and financial accounts for suspicious or unauthorized transactions.
Monitor Your Credit Reports
Check your credit reports for unfamiliar accounts or inquiries that could indicate identity theft.
Consider a Fraud Alert or Credit Freeze
A fraud alert or credit freeze may help reduce the risk of unauthorized credit activity.
Watch for Phishing Attempts
Remain cautious of emails, phone calls, or text messages requesting sensitive information, as cybercriminals often use stolen data to launch targeted phishing attacks.