Cetera Financial Group Notifies Customers After Unauthorized Email Account Access

Letters began arriving in mailboxes across multiple states on March 25, 2026, as Cetera Financial Group disclosed that an unauthorized actor had broken into an employee email account and may have viewed customers' personal information.

The company issued formal "Notice of Data Event" letters to affected residents, marking the latest cybersecurity incident for one of the country's largest independent financial services networks. The notices state that the intrusion involved a single employee email account, though Cetera has not publicly disclosed how many customers received the letters or what categories of personal information may have been exposed.

Cetera Financial Group operates as a shared services organization providing retail financial services to investment programs of banks and credit unions, with over 1.7 million clients and annual revenue of approximately $1.6 billion. Founded in 2010 and headquartered in El Segundo, California, the firm employs more than 8,000 financial advisors and 1,700 home office employees across offices in California, Colorado, Illinois, and Minnesota.

The incident is not the first time the company has confronted an email account breach. Between November 2017 and June 2020, unauthorized third parties reportedly gained access to email accounts belonging to over 60 personnel across various Cetera entities, resulting in the exposure of sensitive customer information. That episode ended with regulatory consequences: Cetera paid $300,000 to settle charges with the Securities and Exchange Commission. At the time, none of the compromised accounts had multi-factor authentication turned on, even though Cetera's own policies required MFA "wherever possible" beginning in 2018.

The SEC's enforcement action from that period also found fault with how Cetera communicated breach details to affected customers. The SEC's order found that Cetera Advisors and Cetera Investment Advisers sent breach notifications that included misleading language suggesting the notifications were issued much sooner than they actually were after discovery of the incidents.

Email account takeovers remain a persistent vulnerability across the financial services industry. Third-party vendor vulnerabilities and sophisticated social engineering campaigns have defined the cybersecurity landscape for financial institutions in recent years, with attackers frequently bypassing internal bank defenses by targeting the supply chain.

Customers who receive one of Cetera's "Notice of Data Event" letters should review the notice carefully for specific guidance on what information may have been involved and what protective steps the company is offering. Any recipients who suspect misuse of their personal data can also contact their state attorney general's office, as all 50 states and four U.S. jurisdictions, including the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted data breach notification requirements.