A data breach that hit Ameriprise Financial last month affected nearly 48,000 people nationally, according to a notification that the firm filed with a state regulator Friday. Two putative class action lawsuits arising from the incident were dropped a week ago, court records indicate.
The breach occurred March 2 and Ameriprise discovered it 16 days later, the Maine attorney general's website reports.
A sample copy of letters sent to affected individuals explains that an unauthorized person "gained access to certain Ameriprise stored data and files, which may have included your personal information, and which we blocked upon discovery on March 18, 2026. We immediately launched an investigation with the help of external cybersecurity experts. We want to reassure you that no unauthorized transactions or movement of funds occurred as part of this incident."
The company offered affected individuals free credit and identity monitoring for 12 months.
"This relates to a recent incident that involved unauthorized access to certain stored data and files," an Ameriprise spokesperson told ThinkAdvisor by email Monday. "Importantly, there was no disruption to business operations. We are taking appropriate actions, including notifying the limited number of individuals with personally identifiable information (PII) impacts and offering them credit and identity monitoring."
Two putative class action complaints filed by the same law firm in U.S. District Court for the District of Minnesota were voluntarily dismissed last week without prejudice, suggesting that they could be refiled. A lawyer representing the plaintiffs didn't immediately respond to an email from ThinkAdvisor seeking comment Monday.
The lawsuits alleged that on a dark web leak site, a "notorious cybercriminal extortion group that engages in data theft and ransom schemes," ShinyHunters, threatened that records containing personally identifying information and over 200 gigabytes of compressed internal corporate data had been compromised. The suits said the leak occurred on or around March 22.
Ameriprise has reported several data breaches in the past year.
Credit: Sergey Nivens/Adobe Stock
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.