AssetMark Data Breach Lawsuits: 570K SSNs Exposed
Data Breach · Lawsuits Filed

AssetMark Data Breach: Class Actions Filed After Hack Reportedly Exposed 570,000 People's SSNs

Published July 8, 2026

If you got a breach letter from AssetMark, your free 24-month credit monitoring has an enrollment deadline — and the lawsuits over the hack are just getting started.

AssetMark data breach class action lawsuits over exposed SSNs and financial data
AssetMark, a Concord, California wealth-management platform used by thousands of financial advisors, faces federal class actions over its May 2026 data breach.
Allegations Only · No Settlement Yet

This article describes proposed class action complaints. The statements below are unproven allegations. AssetMark has not been found liable, there is no certified class, and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

AssetMark, Inc. — a Concord, California wealth-management technology platform that thousands of independent financial advisors use to manage client accounts — is facing federal class action litigation over a May 2026 data breach. According to breach notifications the company filed with state attorneys general, approximately 570,000 people were affected, and the compromised files included names, Social Security numbers, financial account information, and government-issued ID numbers.

At least three proposed class actions were filed in the U.S. District Court for the Northern District of California in June 2026: Martinez v. AssetMark, Inc. (No. 3:26-cv-05890), Hickey v. AssetMark, Inc. (No. 3:26-cv-06136), and Shaw v. AssetMark, Inc. (No. 3:26-cv-06375). All of the complaints' claims are unproven allegations — no class has been certified, AssetMark has not been found liable, and there is no settlement and nothing to claim.

Status Complaints Filed At least 3 federal class actions · N.D. Cal. · June 2026
Scale ~570,000 people Per AssetMark's breach filings with state attorneys general
Reportedly Involved Names, SSNs, financial-account info, government IDs Per the notification letters · data varied by person
Can I Claim? No — nothing to claim yet Only the free 24-month credit monitoring offered in the notice letters

What Happened at AssetMark?

According to the company's notification letters, AssetMark identified suspicious activity involving an employee's login credentials on May 15, 2026 — reportedly the result of a phishing attack that compromised the employee's account. An unauthorized user gained access to files containing customer information and downloaded them. By around May 18, AssetMark had determined whose personal information was in the downloaded files, and it mailed notification letters to affected individuals on June 11, 2026. The breach appeared on state attorney-general breach portals, including the Texas registry, the following week.

AssetMark is a turnkey asset management platform (TAMP) — advisors' clients hold accounts that run on its technology, which is why hundreds of thousands of everyday investors received letters from a company many had never dealt with directly. AssetMark has been owned by the private-equity firm GTCR since September 2024. A separate, smaller incident at affiliate AssetMark Trust Company was reported earlier in spring 2026; that incident involved roughly 9,000 people and is distinct from this ~570,000-person breach.

What the Lawsuits Allege

The Martinez, Hickey, and Shaw complaints are proposed data-breach class actions alleging that AssetMark failed to adequately safeguard the personal and financial information in its care. As in most data-breach litigation, the plaintiffs seek damages and injunctive relief requiring stronger security practices. These are allegations from newly filed complaints — AssetMark has not yet answered on the merits, none of the claims has been tested in court, and the three cases may eventually be consolidated before a single judge.

Plaintiffs' firms are also continuing to advertise investigations and recruit affected AssetMark customers, which typically continues until lead plaintiffs and lead counsel are sorted out.

What AssetMark Is Offering Affected People

The notification letters offer 24 months of complimentary credit monitoring and identity restoration services through Epiq's Privacy Solutions ID program, including credit-file monitoring and Social Security number monitoring. Enrollment requires the personal activation code printed in your letter, entered on the Privacy Solutions ID enrollment site before the enrollment deadline shown on the letter. If you received a letter, enrolling costs you nothing and does not affect any future legal rights in the class actions.

Is There a Settlement?

No. These cases were filed only weeks ago. There is no settlement fund, no claim form, no payout, and no deadline other than the credit-monitoring enrollment date in your letter. If the litigation later settles, a court-appointed administrator would mail notices to class members and open a claims process — data-breach settlements of this size are typically gated on an ID from that notice. We will update this page and our data breach settlements hub if a settlement is reached.

What Should Affected People Do Now?

Keep the notification letter — it has your activation code, and in a future claims process a notice like it is often how you file. Enroll in the free monitoring before your letter's deadline. Beyond that, the standard playbook applies: watch financial and advisory accounts for unfamiliar activity, be alert to phishing that references your investments or advisor, and consider a fraud alert or credit freeze with the major bureaus, since Social Security numbers were reportedly involved. For similar cases involving financial-sector breaches, see the Fidelity Investments data breach settlement and the Cadence Bank MOVEit data breach settlement.

This page is informational and is not legal advice.

Frequently Asked Questions

Has a class action been filed over the AssetMark data breach?

Yes — at least three, all in the Northern District of California in June 2026: Martinez (3:26-cv-05890), Hickey (3:26-cv-06136), and Shaw (3:26-cv-06375). All claims are unproven allegations; no class is certified.

Is there an AssetMark settlement?

No. Nothing to claim yet — only the free 24-month credit monitoring offered in the notification letters.

How many people were affected?

Approximately 570,000, according to AssetMark's breach filings with state attorneys general.

What data was exposed?

Per the notices: names, Social Security numbers, financial account information, and government-issued IDs, with some letters also listing addresses, account numbers, and tax ID numbers. The data varied by person.

Sources

Justia Dockets — Martinez v. AssetMark, Inc., 3:26-cv-05890 (N.D. Cal.)
Justia Dockets — Hickey v. AssetMark, Inc., 3:26-cv-06136 (N.D. Cal.)
Justia Dockets — Shaw v. AssetMark, Inc., 3:26-cv-06375 (N.D. Cal.)
Massachusetts OCABR — AssetMark, Inc. breach notification (2026-962)
Citywire — "AssetMark sued over phishing attack, client data theft"
GlobeNewswire — AssetMark completes acquisition by GTCR (Sept 2024)


For more class actions keep scrolling below.
Status Complaints filed — no class certified, no settlement
Case Title Martinez v. AssetMark, Inc. (and related cases)
Case Numbers 3:26-cv-05890 · 3:26-cv-06136 · 3:26-cv-06375
Court U.S. District Court, Northern District of California
Date Filed June 2026

More Financial Data Breach Cases