Financial Firms Face Class Action Lawsuits Over Data Breaches as FINRA Launches Cyber Threat Portal
Cetera Financial and Ameriprise are the latest financial services firms embroiled in class action lawsuits over alleged data breaches, with customers accusing both companies of failing to safeguard sensitive client information.
In a lawsuit filed by California resident Jennifer Collier, Cetera is accused of negligence after an unauthorized actor accessed an employee’s email account last summer. A subsequent review in January revealed that client data including names, Social Security numbers, and account details may have been exposed. The suit argues that Cetera’s security measures were inadequate, leaving affected clients vulnerable to long-term identity theft and financial fraud.
Separately, Ameriprise faces a class action led by Pamela Caffrey, alleging a March 22 breach by the cybercriminal group ShinyHunters. The ransomware attack reportedly compromised Salesforce records containing personally identifiable information (PII) and over 200GB of internal data. Caffrey’s suit claims Ameriprise failed to notify victims, leaving them unaware of the exposure and at continued risk. The firm stated it contained the breach, confirmed no business disruptions, and asserted that the plaintiff’s PII was not impacted.
Both incidents follow a string of recent breaches targeting financial firms, including Mercer Advisors, Hightower Advisors, and Edelman Financial Engines.
Amid rising cyber threats, the Financial Industry Regulatory Authority (FINRA) has launched the Financial Intelligence Fusion Center, a secure portal for member firms to report and coordinate responses to cyber risks. Designed to provide actionable threat intelligence, the platform aims to bolster defenses, particularly for smaller firms lacking dedicated cybersecurity resources. FINRA CEO Robert Cook previously noted the center would leverage internal and external data to enhance risk mitigation.
Ameriprise Financial cybersecurity rating report: https://www.rankiteo.com/company/ameriprise-financial
Mercer Advisors cybersecurity rating report: https://www.rankiteo.com/company/mercer-advisors
Edelman Financial Engines cybersecurity rating report: https://www.rankiteo.com/company/edelman-financial-engines
Hightower Advisors cybersecurity rating report: https://www.rankiteo.com/company/hightoweradvisors
Cetera Financial Group cybersecurity rating report: https://www.rankiteo.com/company/cetera-financial-group
"id": "AMEMEREDEHIGCET1775075723",
"linkid": "ameriprise-financial, mercer-advisors, edelman-financial-engines, hightoweradvisors, cetera-financial-group",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Cetera Financial',
'type': 'Financial Services Firm'},
{'industry': 'Financial Services',
'name': 'Ameriprise',
'type': 'Financial Services Firm'}],
'attack_vector': ['Unauthorized Email Access', 'Ransomware'],
'data_breach': {'data_exfiltration': '200GB of internal data (Ameriprise)',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Account details'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Internal Data']},
'description': 'Cetera Financial and Ameriprise are facing class action '
'lawsuits over alleged data breaches, with customers accusing '
'both companies of failing to safeguard sensitive client '
'information. Cetera is accused of negligence after an '
'unauthorized actor accessed an employee’s email account, '
'exposing client data. Ameriprise faces a class action over a '
'ransomware attack by ShinyHunters, which compromised '
'Salesforce records and internal data.',
'impact': {'data_compromised': ['Names',
'Social Security numbers',
'Account details',
'Personally Identifiable Information (PII)',
'Internal data'],
'identity_theft_risk': 'Long-term identity theft and financial '
'fraud',
'legal_liabilities': ['Class Action Lawsuits'],
'operational_impact': 'No business disruptions (Ameriprise)',
'systems_affected': ['Email Account', 'Salesforce Records']},
'ransomware': {'data_exfiltration': '200GB of internal data (Ameriprise)'},
'references': [{'source': 'Class Action Lawsuit (Jennifer Collier vs. Cetera '
'Financial)'},
{'source': 'Class Action Lawsuit (Pamela Caffrey vs. '
'Ameriprise)'},
{'source': 'FINRA Financial Intelligence Fusion Center'}],
'regulatory_compliance': {'legal_actions': ['Class Action Lawsuits']},
'response': {'communication_strategy': 'Failed to notify victims (Ameriprise)',
'containment_measures': 'Breach contained (Ameriprise)'},
'threat_actor': ['ShinyHunters'],
'title': 'Financial Firms Face Class Action Lawsuits Over Data Breaches',
'type': ['Data Breach', 'Ransomware']}