Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Mercer Advisors

Mercer Advisors Vendor Cyber Rating & Cyber Score

merceradvisors.com

Are you looking to amplify and simplify your financial life? For nearly 40 years, Mercer Advisors has been doing just that for families across the country by integrating financial planning, investment management, tax, estate, insurance, and more, all managed by a single team. With Mercer Advisors, you’ll benefit from a unified in-house team, a hand-picked advisor, an institutionalized-grade portfolio, and an independent national fiduciary legally obligated to always act in your best interest. Learn more about Mercer Advisors – a family office for your family.


Mercer Advisors A.I CyberSecurity Scoring

Mercer Advisors
Company Information
Website:http://www.merceradvisors.com
Employees number:1,363
Number of followers:55,354
NAICS:52
Industry Type:Financial Services
Homepage:merceradvisors.com
Mercer Advisors Risk Score (AI oriented)
Between 0 and 549
logo
Mercer AdvisorsFinancial Services
Updated:
02/04/2026
279/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Mercer Advisors Global Score (TPRM)
xxxx
logo
Mercer AdvisorsFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Mercer Advisors
Mercer AdvisorsCritical
Current Score
279C (CRITICAL)
01000
5 incidents
-102.25 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
308Before Incident
JUNE 2026
306Before Incident
MAY 2026
288Before Incident
APRIL 2026
279Before Incident
MARCH 2026
344Before Incident
Breach
22 Mar 2026Mercer Advisors
Edelman Financial Engines, Mercer Advisors, Cetera Financial, Ameriprise and Hightower Advisors: Cetera, Ameriprise Sued Over Data Breaches

Financial Firms Face Class Action Lawsuits Over Data Breaches

276After Incident
CRITICAL-68
AMEMEREDEHIGCET1775075723
Financial Firms Face Class Action Lawsuits Over Data Breaches as FINRA Launches Cyber Threat Portal Cetera Financial and Ameriprise are the latest financial services firms embroiled in class action lawsuits over alleged data breaches, with customers accusing both companies of failing to safeguard sensitive client information. In a lawsuit filed by California resident Jennifer Collier, Cetera is accused of negligence after an unauthorized actor accessed an employee’s email account last summer. A subsequent review in January revealed that client data including names, Social Security numbers, and account details may have been exposed. The suit argues that Cetera’s security measures were inadequate, leaving affected clients vulnerable to long-term identity theft and financial fraud. Separately, Ameriprise faces a class action led by Pamela Caffrey, alleging a March 22 breach by the cybercriminal group ShinyHunters. The ransomware attack reportedly compromised Salesforce records containing personally identifiable information (PII) and over 200GB of internal data. Caffrey’s suit claims Ameriprise failed to notify victims, leaving them unaware of the exposure and at continued risk. The firm stated it contained the breach, confirmed no business disruptions, and asserted that the plaintiff’s PII was not impacted. Both incidents follow a string of recent breaches targeting financial firms, including Mercer Advisors, Hightower Advisors, and Edelman Financial Engines. Amid rising cyber threats, the Financial Industry Regulatory Authority (FINRA) has launched the Financial Intelligence Fusion Center, a secure portal for member firms to report and coordinate responses to cyber risks. Designed to provide actionable threat intelligence, the platform aims to bolster defenses, particularly for smaller firms lacking dedicated cybersecurity resources. FINRA CEO Robert Cook previously noted the center would leverage internal and external data to enhance risk mitigation.
INCIDENT DETAILS -
TYPE
Data BreachRansomware
IMPACT
NamesSocial Security numbersAccount detailsPersonally Identifiable Information (PII)Internal dataEmail AccountSalesforce RecordsOperational Impact: No business disruptions (Ameriprise)Class Action LawsuitsIdentity Theft Risk: Long-term identity theft and financial fraud
DATA BREACH
Personally Identifiable Information (PII)Internal DataSensitivity Of Data: HighData Exfiltration: 200GB of internal data (Ameriprise)NamesSocial Security numbersAccount details
MARCH 2026
434Before Incident
Breach
02 Mar 2026Mercer Advisors
Mercer Advisors, Beacon Pointe Advisors and Pathstone Family Office: Pathstone Family Office allegedly breached by ShinyHunters

ShinyHunters Claims Breach of Elite Wealth Firm Pathstone Family Office

339After Incident
CRITICAL-95
PATMERBEA1772527560
ShinyHunters Claims Breach of Elite Wealth Firm Pathstone Family Office Cyber extortion group ShinyHunters has alleged a breach of Pathstone Family Office, a wealth management firm serving high-net-worth clients. In a post on its dark web leak site, the group claimed to have exfiltrated 641,000 records, including personally identifiable information (PII) and internal corporate documents. Pathstone was given until March 2 to respond before the data was reportedly set to be released. Pathstone, which manages $170 billion in assets for over 750 families, has not confirmed the breach, and no sample data has been provided to verify the claim. If substantiated, the exposed records could include legal paperwork, estate planning details, financial structures, and client contracts, posing risks of fraud, impersonation, intellectual property theft, and reputational harm. ShinyHunters has recently targeted other financial advisory firms, including Beacon Pointe Advisors and Mercer Advisors, later publishing alleged stolen data. The group has also been linked to past breaches involving Waltio, Salesforce CRM, Crunchbase, and Bumble.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Extortion
IMPACT
Data Compromised: 641,000 recordsBrand Reputation Impact: Reputational harmIdentity Theft Risk: Fraud, impersonation
DATA BREACH
Personally Identifiable Information (PII)Internal corporate documentsNumber Of Records Exposed: 641,000Sensitivity Of Data: HighData Exfiltration: YesLegal paperworkEstate planning detailsFinancial structuresClient contractsPersonally Identifiable Information: Yes
FEBRUARY 2026
610Before Incident
Ransomware
17 Feb 2026Mercer Advisors
Mercer Advisors and Beacon Pointe Advisors: Barron's top investment advisors threatened with 48-hour ultimatum "don't be the next headline”

ShinyHunters Extortion Gang Targets Two Major U.S. Investment Advisors

432After Incident
CRITICAL-178
BEAMER1771339383
ShinyHunters Extortion Gang Targets Two Major U.S. Investment Advisors The notorious cybercrime group ShinyHunters has claimed responsibility for breaching two high-profile U.S. investment advisory firms Mercer Advisors and Beacon Pointe Advisors threatening to leak millions of sensitive client records unless paid by February 18, 2026. The attackers allege they stole 5 million records from Mercer Advisors and over 100,000 from Beacon Pointe, including personally identifiable information (PII) and internal corporate data. Beacon Pointe Advisors, headquartered in Newport Beach, California, is the largest female-led independent registered investment advisor (RIA) in the U.S., managing $62 billion in assets and employing over 600 people. It ranked #7 on Barron’s Top 100 RIA list in 2025 and received investment from private equity firm Kohlberg Kravis Roberts & Co. in 2021. Mercer Advisors, based in Denver, oversees $92 billion in assets with a workforce of 1,500, topping Barron’s list in 2024 and 2025. The extortion attempt follows a pattern of pressure tactics, with ShinyHunters warning of "annoying (digital) problems" if demands are ignored. The group, linked to multiple high-profile breaches including a 2024 attack on a French cryptocurrency tax platform has a history of targeting enterprise cloud services and customer databases. In June 2025, French authorities arrested four alleged members of the gang, though its operations appear to continue. Mercer Advisors previously disclosed a 2025 data breach tied to its April 30 acquisition of Tufton Capital, affecting 661 individuals after unauthorized access between May 15–16, 2025. It remains unclear whether the current incident is connected to that breach, though cybercriminals often resurface old data. Neither firm has publicly confirmed the breach, and no data samples have been provided to verify ShinyHunters’ claims. If true, the incident could trigger regulatory scrutiny and reputational damage for the firms. ShinyHunters’ ultimatum underscores the persistent threat of extortion-driven cyberattacks in the financial sector.
INCIDENT DETAILS -
TYPE
Extortion
MOTIVATION
Financial gain (extortion)
IMPACT
Data Compromised: 5 million records (Mercer Advisors), over 100,000 records (Beacon Pointe)Brand Reputation Impact: Potential reputational damageLegal Liabilities: Potential regulatory scrutinyIdentity Theft Risk: High (PII exposed)
DATA BREACH
Personally Identifiable Information (PII)Internal corporate dataNumber Of Records Exposed: 5,100,000+Sensitivity Of Data: HighData Exfiltration: Alleged (threatened to leak)Personally Identifiable Information: Yes
JANUARY 2026
676Before Incident
Breach
22 Jan 2026Mercer Advisors
Mercer Advisors Inc. and Murphy Law Firm: Mercer Advisors Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims

Mercer Advisors Data Breach Exposes Sensitive Information of Thousands

608After Incident
CRITICAL-68
MURMER1775169783
Mercer Advisors Data Breach Exposes Sensitive Information of Thousands On January 22, 2026, Mercer Advisors Inc. detected suspicious activity on its network, later confirmed as a data breach. A forensic investigation revealed that cybercriminals had infiltrated the company’s inadequately secured systems, gaining access to files containing sensitive personal data of thousands of individuals. The exposed information includes names, Social Security numbers, financial account details, credit/debit card information, medical records, driver’s license numbers, dates of birth, and addresses. The breach potentially places this data in the hands of threat actors, who may sell it on the dark web or use it for identity theft. Murphy Law Firm has launched an investigation into the incident and is evaluating legal action, including a potential class action lawsuit, on behalf of affected individuals. The firm specializes in data breach litigation and has begun outreach to those impacted. Mercer Advisors has not yet disclosed the full scope of the breach or the number of individuals affected.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Data exfiltrationIdentity theftFinancial gain
IMPACT
Data Compromised: Sensitive personal data of thousands of individualsLegal Liabilities: Potential class action lawsuitIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
NamesSocial Security numbersFinancial account detailsCredit/debit card informationMedical recordsDriver’s license numbersDates of birthAddressesSensitivity Of Data: HighData Exfiltration: PotentialPersonally Identifiable Information: Yes
DECEMBER 2025
675Before Incident
NOVEMBER 2025
673Before Incident
OCTOBER 2025
671Before Incident
SEPTEMBER 2025
670Before Incident
AUGUST 2025
668Before Incident
MAY 2025
761Before Incident
Breach
15 May 2025Mercer Advisors
Mercer Advisors and Beacon Pointe Advisors: ShinyHunters reveals +5M records after Wall Street ignores "final warning"

ShinyHunters Leaks Millions of Records from Top US Investment Firms in Extortion Attack

661After Incident
CRITICAL-100
MERBEA1771967984
ShinyHunters Leaks Millions of Records from Top US Investment Firms in Extortion Attack Last week, the notorious cybercriminal group ShinyHunters dumped 5.7 million records tied to two major U.S. investment advisory firms Mercer Advisors and Beacon Pointe Advisors after issuing a 48-hour ultimatum and failing to secure a ransom payment. The leaked data, posted on the dark web, includes client contracts, personal identifiable information (PII), and internal documents, raising concerns over potential identity theft and financial fraud. ### Key Details of the Breach - Victims: Mercer Advisors (Denver-based, managing $92 billion in assets) and Beacon Pointe Advisors (Newport Beach-based, managing $62 billion), both ranked among Barron’s top RIAs. - Attacker: ShinyHunters, a well-known extortion group linked to high-profile breaches, including Canada Goose, Hinge, and Match.com. - Data Exposed: - Mercer Advisors: 5GB of records, including client contracts and PII. - Beacon Pointe Advisors: 60GB of data, though researchers noted some records may be duplicates. - Timeline: The breach occurred between May 15–16, 2025, with the data leak following a failed extortion attempt. ### Previous Incidents & Law Enforcement Action Mercer Advisors had previously disclosed a 2025 breach tied to its acquisition of Tufton Capital, affecting 661 individuals. Meanwhile, French authorities arrested four alleged ShinyHunters members on June 25, 2025, though the group’s operations appear ongoing. ### Impact & Unanswered Questions While the firms have not confirmed the breach, researchers verified the authenticity of the leaked data. The incident underscores the growing threat of extortion-driven attacks on financial institutions, where cybercriminals leverage stolen data to pressure victims into paying ransoms or face public exposure. ShinyHunters’ latest attack reinforces its reputation as a high-impact threat actor, targeting elite firms with vast troves of sensitive client information. The full extent of the breach’s fallout remains unclear as investigations continue.
INCIDENT DETAILS -
TYPE
Data Breach, Extortion
MOTIVATION
Extortion, Financial Gain
IMPACT
Data Compromised: 5.7 million recordsBrand Reputation Impact: HighIdentity Theft Risk: High
DATA BREACH
Client contractsPersonal Identifiable Information (PII)Internal documentsNumber Of Records Exposed: 5.7 millionSensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Mercer Advisors ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Mercer Advisors's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Mercer Advisors's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Mercer Advisors ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Mercer Advisors's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?