Ransomware victim disclosure
← All victimsPathstone Family Office, LLC
Claimed by Hunters International · listed 5 months ago
Status timeline
- ListedFeb 27, 2026
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Financial Services
- Listed on leak site
- Feb 27, 2026
- Records
- 641K records
About the victim
AI dossier — public-source company profilePathstone Family Office, LLC is a registered investment advisory and family office services firm based in the United States. The firm provides comprehensive wealth management, tax planning, estate planning, and investment advisory services to ultra-high-net-worth individuals and families. It operates across multiple offices in the U.S. and serves a client base of wealthy families and institutional clients.
- Industry
- Wealth Management & Family Office Services
Attack summary
Severity: critical — Over 641,000 records of PII have been exfiltrated from a wealth management and family office firm, which by nature holds highly sensitive regulated financial data, investment portfolios, tax records, and personal information belonging to high-net-worth individuals — constituting large-scale exfiltration of regulated financial and personal data.Hunters International claims to have exfiltrated over 641,000 records containing personally identifiable information and internal corporate data from Pathstone Family Office, LLC, issuing a final warning deadline of 2 March 2026 before publishing the data.
Data the group says was taken
AI dossier — extracted from the leak post- Personally identifiable information (PII)
- Internal corporate data
- Client records
What the group claims
Over 641k records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 2 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 27 Feb 2026 | Warning: FINAL WARNING
Source
Indexed 5 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

