A Pathstone data leak indexed by leaksear.ch contains 70,038 records, about 70,000, tied to the family-office and wealth-management firm, with a breach date listed as February 27, 2026 (leaksear.ch metadata). Public reporting at the time said ShinyHunters claimed to have taken 641,000 records from Pathstone and issued a March 2, 2026 deadline, while Pathstone had not confirmed the breach in those reports (cybernews.com, www.scworld.com).
What happened
Cybernews reported on February 27, 2026 that ShinyHunters posted a dark-web ultimatum claiming it had breached Pathstone Family Office and stolen records containing personally identifiable information and internal corporate data (cybernews.com). SC Media later summarized the claim and noted that, at the time of its report, no sample data had been released to substantiate the allegation and Pathstone had not confirmed a breach (www.scworld.com).
The indexed leak metadata describes the material as data allegedly stolen by ShinyHunters in February 2026 and says the normalized dataset includes Salesforce CRM exports and document-inventory metadata (leaksear.ch metadata). Public breach trackers also list Pathstone, pathstone.com, ShinyHunters and a February 27, 2026 discovery date, but do not provide a confirmed technical root cause (www.breachsense.com, www.dexpose.io).
Pathstone describes itself as serving individuals and families, family offices and institutions, and its site lists more than $185 billion in aggregate assets as of December 31, 2025, including affiliate firms (pathstone.com).
What data was exposed
The leaksear.ch index lists searchable fields including names, email addresses, phone numbers, physical addresses, countries, dates of birth and usernames (leaksear.ch metadata). The metadata also describes financial profile fields, account and task context, and source audit fields that include Social Security or tax identifiers (leaksear.ch metadata).
The stored document-inventory fields include document category, file name, file extension, file size, file modified date, source file, source path, source record type, source row number, source table and source value audit fields (leaksear.ch metadata). The document categories described in the metadata include tax records, passports, driver licenses, wire instructions, trusts, estate documents and financial statements (leaksear.ch metadata).
Why this matters
A leak that combines identity data, contact details, dates of birth, addresses and financial-document context can support targeted phishing, account impersonation and identity-fraud attempts (leaksear.ch metadata). The risk is higher for wealth-management and family-office data because attackers can tailor lures around taxes, estate planning, wire transfers, trusts or investment administration, topics that Pathstone itself identifies as part of the services and client contexts it supports (pathstone.com). Individuals who believe their information may have been handled by Pathstone should use the lookup below to check whether their identifiers appear in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- Cybernews: Hackers give Wall Street billionaires 5 days to panic: here's what they're demanding
- SC Media: Pathstone Family Office allegedly breached by ShinyHunters
- Breachsense: Pathstone Data Breach in 2026
- DeXpose: ShinyHunters Strikes Pathstone Family Office in Major Ransomware Attack
- Pathstone: Welcome to Pathstone