What Happened in the FoxTrot Data Breach?
The FoxTrot data breach involved unauthorized access to systems maintained by FoxTrot LLC, a third-party software provider that supports back-office operations for financial services firms. According to a notification letter, an unauthorized third party gained access to certain data maintained by FoxTrot on or about April 22, 2026. This access exposed sensitive personal information belonging to clients of companies that rely on FoxTrot’s software solutions.
FoxTrot notified one of its clients, Caldwell Sutter Capital Inc., about the incident on April 29, 2026, one week after the intrusion occurred. As a result, Caldwell Sutter Capital immediately began coordinating with FoxTrot to understand the scope of the breach. In addition, a separate entity called Holly Lam, described as a financial services and insurance organization, also filed a disclosure about the same incident with the Nebraska Attorney General on May 29, 2026.
Once notified, Caldwell Sutter Capital worked to assess how the breach affected its own data. The company also confirmed that appropriate containment and remediation steps had taken place. Following this, Caldwell Sutter Capital conducted a detailed review to determine exactly which categories of personal information were compromised for each individual affected. This review process helped the company prepare accurate notification letters for consumers.
Who was affected?
The FoxTrot data breach affects consumers whose personal information was stored within FoxTrot’s systems on behalf of its clients. Because FoxTrot provides back-office software to multiple organizations, individuals connected to more than one company may be affected. In this case, both Caldwell Sutter Capital and Holly Lam have confirmed that their customers’ data was involved.
The exact number of individuals affected by this breach has not been publicly disclosed. However, the involvement of two separate organizations suggests the impact may extend beyond a single customer base. Since Caldwell Sutter Capital is headquartered in Sausalito, California, and Holly Lam operates in the financial services and insurance space, affected individuals could be located across multiple states.
What Information Was Potentially Exposed?
The information exposed in the FoxTrot data breach varies depending on which organization held the individual’s data. Overall, the exposed categories include highly sensitive financial and personal identifiers that could be used for fraud if misused.
- Full names
- Social Security numbers
- Account numbers
- Financial account codes
- Dates of birth
Because Social Security numbers and financial account details were exposed, affected individuals face a heightened risk of identity theft. For example, criminals could use this information to open new credit accounts, apply for loans, or file fraudulent tax returns using someone else’s identity. This type of exposure often leads to long-term monitoring needs, since stolen SSNs can be used or sold years after a breach occurs.
In addition, the combination of account numbers and financial account codes raises the risk of direct financial fraud. Someone with access to this data could potentially attempt unauthorized transactions or impersonate the account holder when contacting financial institutions. As a result, affected individuals should treat this breach seriously, even if no fraud has occurred yet.
What is the company doing?
FoxTrot worked closely with affected organizations, including Caldwell Sutter Capital, to contain the breach once it was discovered. This collaborative response helped both companies understand the scope of the incident and confirm that the exposure had been addressed. FoxTrot has also stated that it is implementing more extensive controls and safeguards to strengthen its existing security policies and procedures.
In response to the breach, Caldwell Sutter Capital is offering affected individuals 24 months of complimentary credit monitoring and identity protection services through Experian IdentityWorks. This service includes identity restoration assistance, which is available automatically for 24 months from the date of the notification letter without requiring separate activation. Affected individuals must enroll in the credit monitoring portion by September 30, 2026, using the activation code provided in their letter.
What Should Affected Individuals Do?
Enroll in the Free Credit Monitoring Offered
Affected individuals should enroll in the complimentary Experian IdentityWorks credit monitoring service as soon as possible. This service can help detect suspicious activity tied to your personal information before it causes serious financial harm.
To enroll, visit the Experian enrollment page and use the activation code included in your notification letter. Because the enrollment deadline is September 30, 2026, it’s important not to delay taking this step.
Place a Fraud Alert or Credit Freeze
Given that Social Security numbers and account information were exposed, consider placing a fraud alert or credit freeze with the three major credit bureaus. A fraud alert requires lenders to verify your identity before opening new credit in your name, adding an extra layer of protection.
A credit freeze goes a step further by restricting access to your credit report entirely. Although this security measure requires temporarily lifting the freeze when applying for new credit, it offers strong protection against identity thieves attempting to open fraudulent accounts.
Monitor Financial Accounts and Credit Reports Closely
Because financial account codes and account numbers were exposed, affected individuals should regularly review their bank and credit card statements. Look for any unfamiliar charges or withdrawals, even small ones, since fraudsters sometimes test accounts with minor transactions first.
In addition, request free copies of your credit reports from all three major bureaus and review them for unfamiliar accounts. This means checking for new credit inquiries, unknown loans, or accounts you never opened.
Stay Alert for Phishing Attempts
After a data breach, scammers often use stolen information to craft convincing phishing emails or phone calls. Therefore, affected individuals should be cautious of unexpected messages claiming to be from Caldwell Sutter Capital, FoxTrot, or Experian.
Never click on links or provide personal information in response to unsolicited communications. Instead, contact the company directly using verified phone numbers or official websites to confirm whether a message is legitimate.
Consider Consulting a Data Breach Attorney
Because this breach involved sensitive financial data and Social Security numbers, affected individuals may want to speak with a data breach attorney. An attorney can help evaluate whether you qualify for compensation related to the exposure of your personal information.
Many attorneys offer free case evaluations, so there is little risk in exploring your legal options. This step can be especially helpful if you experience identity theft or financial fraud as a result of this incident.
