UPDATED: February 25, 2026

Hennessy Advisors Data Breach

Hennessy Advisors reported a breach that exposed sensitive personal and financial information of 12,643 individuals, including 48 residents of Maine. Affected individuals should monitor their accounts and consider exploring legal action for compensation.

Hennessy Advisors

Date of Breach: March 30, 2025

Who was affected:

Clients of Hennessy Advisors

Impacted Data:

Personal Information

Financial Information

Other Sensitive Information

Hennessy Advisors, Inc. recently reported a data breach involving unauthorized access to personal information. The breach, which occurred between late December 2025 and early 2026, affected 12,643 individuals, including 48 residents of Maine.

Hennessy Advisors Data Breach Investigation

Hennessy Advisors, a publicly traded investment management firm providing services to the Hennessy Funds, disclosed a data security incident that may have compromised sensitive personal information. The breach was discovered on March 30, 2025, when suspicious activity was detected within the company’s systems.

Upon learning of the incident, Hennessy Advisors immediately launched an investigation and engaged third-party cybersecurity specialists to secure the company’s systems and protect data. Although no evidence of unauthorized access was found initially, a more detailed review revealed that personal information of certain investors in the Hennessy Funds had been accessed and released without authorization by late December 2025.

The company became fully aware of the unauthorized access of personal information on February 5, 2026. This breach has potentially exposed sensitive personal data that could include names, addresses, financial account numbers, and other details related to individuals’ investments.

Hennessy Advisors has taken steps to notify the impacted individuals and is offering identity theft protection services, including credit monitoring, to help mitigate the risk of fraud.

When Did This Breach Occur?

According to Hennessy Advisors:

Date(s) the Breach Occurred: March 30, 2025 – December 2025 (unauthorized access occurred over this period)
Date the Breach Was Discovered: February 5, 2026

The breach began with suspicious activity in March 2025, and the company discovered the extent of the unauthorized access and data release in December 2025. Full awareness of the breach occurred in February 2026.

What Information Was Breached?

The following types of information were potentially exposed during the breach:

Personal Information: Name, address, date of birth
Financial Information: Investment details, financial account numbers
Other Sensitive Information: Health or insurance data, if included as part of investment-related transactions

Although the full scope of the breach is still being reviewed, the compromised data likely includes highly sensitive financial and personal identifiers.

What You Can Do

If you were affected by the Hennessy Advisors data breach, here are the steps you can take to protect your information:

Enroll in the complimentary credit monitoring and identity theft protection services offered by Hennessy Advisors through IDX. These services include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.
Review your financial accounts and credit reports for unauthorized activity or signs of identity theft.
Place a fraud alert or security freeze on your credit files to prevent unauthorized access.
Report suspicious activity to your financial institutions and law enforcement if necessary.
Contact your beneficiaries to encourage them to enroll in the identity protection services as well.

You must enroll in the credit monitoring services by May 23, 2026. Ensure you have your unique enrollment code from the letter provided.

File a Data Breach Lawsuit Against Hennessy Advisors

If you received notice from Hennessy Advisors that your personal information was compromised in this breach, you may be eligible for compensation. Data breach lawsuits are an important tool for holding organizations accountable for mishandling or failing to secure sensitive data.

Compensation for data breach victims can include reimbursement for out-of-pocket expenses, costs related to identity theft protection services, and other damages caused by the exposure of personal information.

You don’t have to navigate this situation alone. If you believe you were impacted by this breach, understanding your rights and legal options is the first step toward seeking justice.

Contact us at Class Action U, where we can connect you with a lawyer experienced in class action lawsuits. If you’ve been contacted about this breach, received notice, or believe you were affected, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner, and no obligation after speaking with someone from our team

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Other Data Breaches

California FAIR Plan Association Data Breach

Date of Breach: December 12, 2025

Williams Accountancy Corporation Data Breach

Date of Breach: December 30, 2025

L&S Mechanical Data Breach

Date of Breach: Not Specified

Frequently Asked Questions

What Should I Do If I Believe My Data Has Been Breached?

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

What Happens to Your Data in a Data Breach?

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

How Should I Respond to a Data Breach Notification?

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

What Evidence is Needed for a Data Breach Claim?

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Can a Company Be Sued for a Data Breach?

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

What is the Average Settlement in a Data Breach Lawsuit?

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.