Hennessy Advisors, Inc. Data Breach

Hennessy Advisors, Inc. (“Hennessy Advisors”) has announced a data security incident involving unauthorized access to its systems and certain sensitive investor information. According to the notice, Hennessy Advisors first detected suspicious activity on March 30, 2025, when system access issues signaled possible compromise.

Upon discovering the incident, Hennessy Advisors immediately initiated its incident‑response protocols, engaged third‑party cybersecurity specialists, and began a months‑long investigation to determine what occurred. Although initial findings did not confirm access to personal information, the company later learned in late December 2025 that certain confidential data had been accessed and released without authorization. On February 5, 2026, the company confirmed that your personal information was among the data accessed.

Hennessy Advisors is a publicly traded investment manager based in Novato, California, founded in 1989. The firm manages the Hennessy Funds, a family of mutual funds and ETFs covering domestic equity, sector, and multi-asset strategies. The firm has roughly $4.2 billion in assets managed as of 2026.

The compromised data relates to individuals whose information was included among the accessed and released files. Upon completing its internal review, Hennessy Advisors began sending formal notification letters to affected consumers and has taken steps to strengthen its cybersecurity posture in response to the incident.

If you received a Data Breach Notification Letter from Hennessy Advisors, it confirms that your personal information may have been accessed and/or acquired by an unauthorized party.

What information is involved in the Hennessy Advisors, Inc. Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) may include highly sensitive financial‑related data, the release of which could create elevated risks of identity theft, financial fraud, and misuse of investor credentials. Organizations that maintain investor data are required to comply with state and federal financial privacy regulations including the Gramm‑Leach‑Bliley Act (GLBA).

If Protected Health Information (PHI) was involved, this may include data protected by HIPAA and state privacy laws. Exposure of PHI elevates risks of medical‑related fraud, insurance misuse, or unauthorized access to health‑related services.

While Hennessy Advisors states it has no current indication that your information has been misused, exposed PII—especially in financial contexts—can significantly increase risks of fraud, unauthorized account activity, and other financial harm. The notice encourages individuals to remain vigilant and enroll in complimentary credit monitoring and identity‑protection services.

Affected individuals should closely monitor statements, credit reports, and other financial communications for any signs of suspicious activity. Beneficiaries of affected accounts are also encouraged to enroll in the offered protection services.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding the collection, storage, and protection of personal information. California residents may also have additional legal remedies when personal data is compromised in a breach.

Hennessy Advisors further advises consumers to review the provided security guidance, consider placing a fraud alert or security freeze, and take advantage of federal protections such as those under the Fair Credit Reporting Act (FCRA).

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.