Ameriprise Financial Hit by Second Data Breach in Six Months, Impacting Nearly 50,000 Clients
Ameriprise Financial has disclosed a second data breach in less than six months, exposing the personal information of nearly 50,000 individuals. According to a filing with Maine state regulators on April 17, the breach occurred between March 2 and 18, compromising names and other "personal identifiers" of 47,876 people, including 335 Maine residents.
In a letter to affected clients, Ameriprise’s Director of Compliance, Jennifer Swihart, confirmed that an unauthorized individual accessed stored data and files. The company responded by blocking the intruder, launching an investigation with external cybersecurity experts, and offering free identity protection services to impacted customers. Ameriprise emphasized that no unauthorized transactions or fund movements occurred, and business operations remained unaffected.
The breach follows a December 2023 incident in which a phishing attack targeted one of the firm’s advisors, potentially exposing 598 individuals. That attack involved a fraudulent email disguised as a legitimate client communication. While Ameriprise found no evidence of data misuse in that case, it issued precautionary notifications to affected clients.
Ameriprise, a Minneapolis-based broker-dealer with approximately 10,000 advisors, has not disclosed how the latest breach occurred. The company previously highlighted its multi-layered security measures and an "online security guarantee" protecting against unauthorized fund transfers. Both incidents underscore ongoing cybersecurity challenges for financial services firms.
Source: https://www.advisorhub.com/ameriprise-discloses-second-data-breach-in-less-than-six-months/
Ameriprise Financial Services, LLC cybersecurity rating report: https://www.rankiteo.com/company/ameriprise-financial-services-llc
"id": "AME1776789651",
"linkid": "ameriprise-financial-services-llc",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '47,876',
'industry': 'Broker-Dealer',
'location': 'Minneapolis, USA',
'name': 'Ameriprise Financial',
'size': 'Approximately 10,000 advisors',
'type': 'Financial Services'}],
'customer_advisories': 'Letter to affected clients',
'data_breach': {'number_of_records_exposed': '47,876',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (personal identifiers)',
'type_of_data_compromised': 'Personal identifiers (names, '
'etc.)'},
'date_detected': '2024-03-18',
'date_publicly_disclosed': '2024-04-17',
'description': 'Ameriprise Financial has disclosed a second data breach in '
'less than six months, exposing the personal information of '
'nearly 50,000 individuals. An unauthorized individual '
'accessed stored data and files between March 2 and 18, '
'compromising names and other personal identifiers of 47,876 '
'people.',
'impact': {'data_compromised': 'Names and other personal identifiers',
'identity_theft_risk': 'High (free identity protection services '
'offered)',
'operational_impact': 'No unauthorized transactions or fund '
'movements; business operations remained '
'unaffected'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2024-04-17',
'source': 'Maine state regulators filing'}],
'regulatory_compliance': {'regulatory_notifications': 'Filing with Maine '
'state regulators'},
'response': {'communication_strategy': 'Letter to affected clients; filing '
'with Maine state regulators',
'containment_measures': 'Blocked the intruder',
'incident_response_plan_activated': True,
'remediation_measures': 'Launched an investigation; offered free '
'identity protection services',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'Ameriprise Financial Second Data Breach in Six Months',
'type': 'Data Breach'}