Caldwell Trust Company Data Breach Lawsuit

Caldwell Trust Company (“Caldwell”) has disclosed a cybersecurity incident that resulted in unauthorized access to parts of its computer network. The breach, which occurred in early August 2025, exposed sensitive financial information belonging to at least two individuals. Caldwell has since completed its investigation, notified law enforcement, and taken steps to strengthen its cybersecurity protocols.

Caldwell Trust Company’s Data Breach Investigation

In early August 2025, Caldwell Trust Company detected a cybersecurity event involving unauthorized access to its internal computer systems. Between August 4, 2025, and August 8, 2025, a malicious actor gained entry to portions of Caldwell’s network and accessed certain files that contained confidential client data.

Upon discovering the incident, Caldwell promptly secured its systems, launched an internal investigation, and engaged with law enforcement authorities to assist in the inquiry. The company also enlisted cybersecurity professionals to review the scope of the breach, identify affected data, and ensure that all vulnerabilities were addressed.

Through its investigation, Caldwell determined on September 4, 2025, that specific files containing client names and financial account numbers had been accessed without authorization. The company immediately took action to notify potentially impacted individuals. On September 23, 2025, Caldwell sent data breach notification letters via U.S. First-Class Mail to affected New Hampshire residents, in compliance with state data breach notification laws.

Caldwell Trust Company has since implemented enhanced security protocols, reviewed its data handling practices, and reinforced employee cybersecurity training. The company also established a toll-free call center to provide information and answer questions from those impacted.

When Did This Breach Occur?

The unauthorized access to Caldwell’s computer network occurred between August 4, 2025, and August 8, 2025.
Caldwell identified the affected files on September 4, 2025, and mailed notification letters to impacted individuals on September 23, 2025.

What Information Was Breached?

According to the company’s investigation, the following types of sensitive personal information were involved in the data breach:

• Name
• Financial account number

Although the number of affected individuals appears limited, the exposure of financial account data poses a serious risk of fraud or unauthorized financial activity.

What You Can Do

If you received a notification letter from Caldwell Trust Company or believe your information may have been affected, you should take immediate steps to protect yourself:

1. Monitor Your Financial Accounts Closely – Review your bank, investment, and credit card statements regularly for any unauthorized activity. Report any suspicious transactions to your financial institution right away.
2. Set Up Fraud Alerts – Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit file. This helps prevent identity thieves from opening new accounts in your name.
3. Consider a Credit Freeze – A credit freeze restricts access to your credit report, making it harder for cybercriminals to open fraudulent accounts.
4. Change Online Banking Passwords – Update your online account passwords and use multi-factor authentication (MFA) where available.
5. Stay Alert for Phishing Attempts – Be cautious of unsolicited emails or calls that reference the breach or request additional personal information.

Caldwell has encouraged affected clients to remain vigilant and to promptly report any unauthorized transactions to their financial institutions.

File a Data Breach Lawsuit Against Caldwell Trust Company