What Happened in the Eisen Data Breach?
Eisen Inc. has disclosed a data breach that exposed sensitive personal information following a social engineering attack. The New York-based financial technology company reported the incident to the California Attorney General and the Massachusetts Office of Consumer Affairs and Business Regulation on June 24, 2026.
Eisen provides unclaimed property compliance, escheatment, and account offboarding services for banks, brokerages, digital asset exchanges, and other financial institutions throughout the United States. Because the company processes information on behalf of financial institutions, many affected individuals may not have had a direct relationship with Eisen.
According to the company, the incident occurred on December 12, 2025, when a threat actor impersonated the California State Controller’s Office. The attacker requested a file containing unclaimed property compliance records, making the request appear to be a routine government inquiry.
Believing the request was legitimate, an Eisen employee sent the requested file to the threat actor. Shortly afterward, the company determined that the request was fraudulent and took immediate steps to contain the incident.
Who was affected?
Eisen has not publicly disclosed the total number of affected individuals.
The company stated that the breach affected individuals whose personal information was maintained on behalf of financial institution clients. As a third-party service provider, Eisen noted that many affected individuals may not have been direct customers of the company.
Notification letters were mailed to affected consumers on June 24, 2026.
What Information was taken?
According to Eisen, the exposed file contained the following types of personal information:
- Names
- Mailing addresses
- Email addresses
- Social Security numbers
- Dates of birth
- Information related to unclaimed property balances
The exposure of Social Security numbers and dates of birth may increase the risk of identity theft and financial fraud. Individuals should remain vigilant for suspicious activity involving their personal or financial information.
What Is Eisen Doing?
After identifying the fraudulent request, Eisen took steps to contain the incident and conducted an investigation into the unauthorized disclosure.
The company reported the breach to the California Attorney General and the Massachusetts Office of Consumer Affairs and Business Regulation. Notification letters were mailed to affected individuals on June 24, 2026.
Eisen is offering 24 months of complimentary Experian IdentityWorks credit monitoring and identity theft restoration services. The offering includes a credit report upon enrollment, daily Experian credit monitoring, access to identity restoration specialists, and up to $1 million in identity theft insurance coverage.
Affected individuals can enroll using the activation code included in their notification letter before the August 31, 2026 enrollment deadline.
What Should Affected Individuals Do?
Enroll in Free Credit Monitoring
Individuals who receive a notification letter should enroll in the complimentary Experian IdentityWorks services before the enrollment deadline.
Monitor Financial Accounts
Review bank accounts, credit card statements, and other financial records for suspicious activity.
Monitor Your Credit Reports
Check your credit reports regularly for unauthorized accounts or inquiries.
Consider a Fraud Alert
A fraud alert can encourage creditors to verify your identity before opening new accounts.
Freeze Your Credit
A credit freeze may help prevent criminals from opening accounts using your personal information.
Watch for Phishing Attempts
Remain cautious of unexpected emails, phone calls, or text messages requesting personal information. Attackers may use information obtained during data breaches to carry out additional scams.