Ameriprise Financial Data Breach Exposes Sensitive Client Information
On August 26, 2025, Ameriprise Financial Services, LLC, a major U.S. financial services provider, detected a data breach stemming from a phishing attack on November 11, 2024. The incident compromised personally identifiable information (PII) and protected health information (PHI) of hundreds of current and former clients, including at least 411 Texas residents and individuals in Maine and Massachusetts.
The breach occurred when an unauthorized actor gained temporary access to client data through a phishing attack targeting an advisor’s office staff member. Exposed information included names, addresses, Social Security numbers, dates of birth, driver’s license numbers, financial account details, and in some cases, medical records and dependent information.
Ameriprise reported the breach to the Maine Attorney General’s office on September 11, 2025, followed by notifications to New Hampshire and Massachusetts on December 22, 2025, and Texas on December 29, 2025. Affected clients were notified via U.S. Mail on September 8, 2025.
In response, Ameriprise confirmed the deletion of exposed data by unintended recipients and implemented enhanced security measures, including stricter verification procedures for account requests. The company is offering one year of complimentary credit monitoring and identity restoration services through Equifax Complete Premier to impacted individuals.
Source: https://www.claimdepot.com/data-breach/ameriprise-financial-2026
Ameriprise Financial Services, LLC cybersecurity rating report: https://www.rankiteo.com/company/ameriprise-financial-services-llc
"id": "AME1767368489",
"linkid": "ameriprise-financial-services-llc",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Hundreds of current and former '
'clients (at least 411 in Texas, '
'1 in Maine, 1 in Massachusetts)',
'industry': 'Financial Services',
'location': 'U.S.',
'name': 'Ameriprise Financial Services, LLC',
'size': 'Large',
'type': 'Financial Services Provider'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Notified affected consumers by U.S. Mail on '
'2025-09-08',
'data_breach': {'number_of_records_exposed': 'Hundreds (exact number not '
'specified)',
'personally_identifiable_information': ['Name',
'Address',
'Social Security '
'number',
'Date of birth',
'Driver’s license '
'number',
'Phone numbers',
'Email address',
'Gender',
'Marital status',
'Citizenship',
'Client ID',
'Group ID',
'Account and policy '
'numbers',
'Account values',
'Net worth',
'Financial account '
'numbers',
'Credit or debit card '
'numbers',
'Policy numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-08-26',
'date_publicly_disclosed': '2025-09-11',
'description': 'A data breach at Ameriprise Financial Services, LLC, exposed '
'personally identifiable information (PII) and protected '
'health information (PHI) of hundreds of current and former '
'clients across the U.S. due to a phishing incident involving '
'an advisor’s office staff member.',
'impact': {'brand_reputation_impact': 'Likely negative impact due to exposure '
'of sensitive client data',
'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High (exposure of SSNs, driver’s license '
'numbers, financial account details)',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'payment_information_risk': 'High (exposure of credit/debit card '
'numbers)'},
'initial_access_broker': {'entry_point': 'Phishing attack on advisor’s office '
'staff',
'high_value_targets': 'Client PII and PHI'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Enhanced verification '
'procedures, credit '
'monitoring services for '
'affected clients',
'root_causes': 'Phishing attack leading to '
'unauthorized access to client '
'information'},
'recommendations': ['Enhance phishing awareness training for staff',
'Implement multi-factor authentication (MFA) for '
'sensitive account access',
'Strengthen verification procedures for client requests',
'Monitor for identity theft risks among affected clients'],
'references': [{'source': 'Maine Attorney General’s office'},
{'source': 'New Hampshire Attorney General’s office'},
{'source': 'Massachusetts Attorney General’s office'},
{'source': 'Texas Attorney General’s office'}],
'regulatory_compliance': {'regulations_violated': ['Potential violations of '
'data protection laws '
'(e.g., GLBA, HIPAA)'],
'regulatory_notifications': ['Maine Attorney '
'General’s office '
'(2025-09-11)',
'New Hampshire '
'Attorney General’s '
'office (2025-12-22)',
'Massachusetts '
'Attorney General’s '
'office (2025-12-22)',
'Texas Attorney '
'General’s office '
'(2025-12-29)']},
'response': {'communication_strategy': 'Notified affected consumers by U.S. '
'Mail on 2025-09-08',
'containment_measures': 'Confirmed deletion of exposed '
'information with unintended recipients',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Offered one year of complimentary credit '
'monitoring and identity restoration '
'services',
'remediation_measures': 'Enhanced verification procedures for '
'account requests, extra caution when '
'verifying callers',
'third_party_assistance': 'Equifax (credit monitoring and '
'identity restoration services)'},
'title': 'Ameriprise Financial Services Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human error (phishing attack on staff)'}