Ameriprise Financial disclosed a data breach that exposed the personal information of nearly 48,000 customers across the United States. The incident originated on March 2, 2026, and was detected by the company on March 18, 2026, according to a filing with the Maine attorney general. Upon discovery, Ameriprise blocked the unauthorized access and engaged outside cybersecurity experts to investigate the breach [1].
The company stated that no money was stolen, and there were no unauthorized transactions or disruptions to business operations. However, the breach involved access to 'certain stored data and files,' which may include names, addresses, financial account details, and potentially Social Security numbers or other identifiers, depending on the individual [1].
Court filings related to the incident revealed that the hacking group ShinyHunters claimed responsibility and threatened to release more than 200 gigabytes of internal data. Although two lawsuits were filed in connection with these claims, both were later dropped without prejudice, leaving open the possibility of future legal action [1].
Ameriprise responded by notifying affected individuals and offering credit and identity monitoring services. The company emphasized that business operations were not disrupted and that appropriate actions were being taken to address the situation. Notably, Ameriprise has experienced multiple data security incidents in recent years, which may heighten concerns among its customer base [1].
CONCLUSION
The Ameriprise data breach has raised significant concerns about customer data security, despite the company's assurances that no funds were stolen and operations were unaffected. With nearly 48,000 individuals impacted and ongoing legal uncertainties, the incident underscores the persistent risks and reputational challenges financial firms face in safeguarding sensitive information.