A former Ameriprise Financial client has sued the advisory firm over an alleged recent data breach, accusing the company of failing to notify victims that cybercriminals compromised their private information.
The proposed class action lawsuit, filed last week in U.S. District Court for the District of Minnesota, seeks damages and other monetary relief over the incident and accuses Ameriprise of breach of fiduciary duty and other violations.
Plaintiff Pamela Caffrey, who lives in New Jersey, alleges that on a dark web leak site, a "notorious cybercriminal extortion group that engages in data theft and ransom schemes," ShinyHunters, threatened that records containing personally identifying information and over 200 gigabytes of compressed internal corporate data have been compromised.
"Despite the Data Breach occurring on or around March 22, 2026, to date, Defendant has inexplicably failed to notify the victims of the Data Breach that their Private Information has been compromised by ShinyHunters ransomware group," the complaint alleges.
"Thus, most, if not all Class Members do not know that their Private Information has been compromised, and that they are, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm."
The private information compromised in the breach contained highly sensitive client data, "representing a gold mine for data thieves," the suit states. "The data includes, but is not limited to, sensitive client information collected and maintained by Ameriprise, such as full names, addresses, Social Security numbers, financial account details, financial records, and other highly confidential and private information."
Ameriprise has reported several data breaches to authorities, including the Maine attorney general's office, the most recent resulting in a Feb. 6 notification to affected consumers. The Maine website that collects such reports shows nothing for a March 22 breach involving Ameriprise.
In a statement sent to ThinkAdvisor on Monday, the company said: "We recently experienced an incident involving unauthorized access to certain stored data and files. We blocked the unauthorized access, and outside forensic experts have confirmed this. Importantly, there has been no disruption to business operations, and clients and advisors have secure access to our systems and sites.
"In any instance when personally identifiable information (PII) is impacted, we would provide notice in keeping with our regulatory responsibilities. We're confident that the PII of the individual who filed the suit was not impacted."
The Migliaccio & Rathod law firm, which doesn't represent Caffrey in the case, wrote in a post on its website last week that on March 22, "dark web monitoring sites reported that Ameriprise Financial, Inc. had been named as a victim of a data breach. Little information is available yet about the nature of the breach or the information that may have been involved, but the affected information is believed to include the sensitive data forms and personally identifiable information."
Credit: Sergey Nivens/Adobe Stock
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.