Eisen Data Breach Exposes Social Security Numbers and Personal Information

Finance data breach illustration
Breach Discovery: 12th December 2025Breach Notification: 24th June 2026

What Happened in the Eisen Data Breach?

Eisen Inc., a New York-based financial technology company, has confirmed a data breach involving sensitive personal information. The Eisen data breach happened after a threat actor used a social engineering scheme to trick an employee into handing over a file full of consumer data. Eisen provides unclaimed property compliance and account offboarding services to banks, brokerages and digital asset exchanges across the United States. Because of this role, the company holds personal data on behalf of its financial institution clients.

According to the company, the incident occurred on Dec. 12, 2025. A threat actor impersonated the California State Controller’s Office, the state agency that oversees unclaimed property in California. The impersonator contacted Eisen and requested a file containing unclaimed property compliance records. As a result, the request appeared to be a routine government inquiry, and an employee believed it was legitimate.

The employee then provided the requested file to the attacker. Shortly afterward, Eisen identified the activity as fraudulent and moved to contain the situation. Following this discovery, the company launched an investigation to determine exactly what information had been shared and who might be affected.

The investigation confirmed that the exposed file contained several categories of sensitive personal information. Because the incident involved a targeted impersonation scheme rather than a technical hack, it highlights how convincing social engineering attacks can be. Eisen subsequently notified state regulators and began sending letters to affected individuals.

Who was affected?

The Eisen data breach may affect individuals who have unclaimed property on file with financial institutions that use Eisen’s compliance services. Since Eisen works behind the scenes for banks, brokerages and digital asset exchanges, many affected people likely never interacted with Eisen directly. This means some individuals may be surprised to learn their information was involved at all.

Eisen has not publicly disclosed the total number of individuals affected by this incident. However, the exposed file reportedly involved unclaimed property compliance records tied to California, suggesting a geographic connection to that state. Because the breach touched financial account and identity data, both adults and potentially older consumers with dormant financial accounts could be impacted.

The company reported the breach to the California Attorney General and the Massachusetts Attorney General on June 24, 2026. This indicates residents in at least these two states received formal notice. Additional affected individuals in other states may also have received letters, depending on where Eisen’s client institutions operate.

What Information Was Potentially Exposed?

The file shared with the threat actor contained multiple types of sensitive personal data. This information could be valuable to identity thieves and scammers if misused. Below is a summary of the data categories confirmed as exposed.

  • Full names
  • Mailing addresses
  • Email addresses
  • Social Security numbers
  • Dates of birth
  • Information about unclaimed property balances

This combination of data is particularly concerning because it includes both identity-verifying details and financial context. For example, a Social Security number paired with a date of birth and address gives criminals nearly everything needed to open new credit accounts. As a result, affected individuals face a real risk of identity theft and financial fraud.

In addition, knowledge of someone’s unclaimed property balance could make phishing attempts more convincing. Scammers often use specific account details to build trust before requesting more information or payment. Because of this, affected individuals should treat any unexpected contact about unclaimed funds with caution, even if it references accurate details.

What is the company doing?

After discovering the fraudulent request, Eisen took immediate steps to contain the incident. The company then launched an investigation to identify exactly what data had been compromised and which individuals were affected. Following this review, Eisen reported the breach to the California Attorney General and the Massachusetts Attorney General on June 24, 2026.

Eisen also began mailing notification letters to affected consumers on the same day. In response to the breach, the company is offering 24 months of complimentary credit monitoring and identity theft restoration services through Experian IdentityWorks. This offer includes a credit report at signup, daily credit monitoring, access to identity restoration specialists and $1 million in identity theft insurance coverage.

Affected individuals can enroll in this protection using an activation code included in their notification letter. The enrollment deadline is Aug. 31, 2026. Eisen has also set up a toll-free assistance line for questions or help with identity restoration, available on weekdays from 8 a.m. to 8 p.m. Central Time.

What Should Affected Individuals Do?

Enroll in the Free Credit Monitoring Offered

If you received a notification letter from Eisen, you should enroll in the complimentary Experian IdentityWorks membership right away. This service can alert you to suspicious activity on your credit file before it causes lasting damage. Because the enrollment window closes on Aug. 31, 2026, it’s important not to delay.

To sign up, use the activation code printed in your letter. Once enrolled, take time to review your first credit report for anything unfamiliar. This baseline check can help you catch fraudulent accounts opened before enrollment as well as after.

Place a Fraud Alert or Credit Freeze

Because Social Security numbers were exposed, placing a fraud alert or credit freeze is a strong protective step. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by blocking most new access to your credit file entirely.

You can request either option through Equifax, Experian or TransUnion at no cost. In addition, consider freezing your credit at all three bureaus for the most complete protection. This step is especially important given that dates of birth and Social Security numbers were both compromised in this incident.

Watch for Phishing and Impersonation Attempts

Since this breach began with a social engineering scam, affected individuals should be extra alert to similar tactics. Scammers may use the stolen information to appear more credible when contacting you by phone, email or mail. For example, they might reference your unclaimed property balance to seem legitimate.

Therefore, never share personal or financial information with anyone who contacts you unexpectedly. Instead, verify any claims by contacting the relevant agency or institution directly using a number you find independently. This simple habit can prevent a second wave of fraud stemming from the original breach.

Monitor Financial Accounts and Credit Reports Regularly

Beyond enrolling in monitoring services, you should personally review your bank and credit card statements often. Look for small unfamiliar charges, since fraudsters sometimes test stolen data with tiny transactions first. If you notice anything suspicious, report it to your financial institution immediately.

You are also entitled to a free credit report from each major bureau every year. Checking these reports periodically, even after your monitoring period ends, helps you catch problems early. If you discover fraudulent activity linked to this breach, consider speaking with a data breach attorney about your legal options.



More Information

Eisen Inc.

California Attorney General

Massachusetts Attorney General

enroll in the credit monitoring program

Related Data Breaches