Cyber Incident Victim: Ameriprise Financial, Inc.
Date:
Mar 2026
Location:
United States of America
Summary
Ameriprise Financial disclosed a data breach that exposed personal information of approximately 48,000 customers after detecting unauthorized access to stored data and files roughly two weeks after the intrusion began. The company reported that no funds were transferred and business operations continued without interruption, but the accessed data may have included names, addresses, financial account details and, in some cases, Social Security numbers or other identifiers. Affected individuals were notified and offered credit and identity monitoring services. This incident adds to a series of prior data security events reported by the firm.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 2, 2026, unauthorized access to Ameriprise Financial's stored data and files began, according to the company's timeline. The intrusion remained undetected until March 18, 2026, when Ameriprise identified the breach and reported it in a filing with the Maine attorney general. Upon detection, the company immediately blocked the unauthorized access and engaged external cybersecurity experts to conduct an investigation. The breach was disclosed publicly in February 2026, as noted in the article dated March 2, 2026.
The breach exposed personal information of approximately 48,000 individuals across the United States. Notification letters indicated that the accessed data may include names, addresses, financial account details, and in some cases Social Security numbers or other identifiers. Ameriprise stated that no unauthorized transactions or movement of funds occurred as a result of the incident. The company also confirmed that business operations continued without disruption during and after the breach.
In response, Ameriprise began notifying the affected individuals whose personally identifiable information was impacted and offered them credit and identity monitoring services. A spokesperson for Ameriprise told CyberGuy that the company was taking appropriate actions, including the notifications and monitoring offerings. The firm noted that it has experienced multiple data security incidents over the past several years, providing context for the current event. No further details about the attacker's identity or motives were disclosed in the available sources.