Data Breach

Ameriprise Data Breach March 2026 - What Was Exposed and What To Do

502,597 records exposed

The Ameriprise data breach exposed 502,597 records including Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.

What Happened

In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".

Breach date
2026-03-02
Records affected
502,597
Verified
Yes
Domain
ameriprise.com

What Was Exposed

The following data types were included in the breach:

  • Email addresses
  • Employers
  • Financial transactions
  • Job titles
  • Names
  • Phone numbers
  • Physical addresses

What You Should Do

If you had an account with Ameriprise, take these steps immediately:

  1. Check if your account was affected at HaveIBeenPwned.com
  2. Watch for phishing emails that reference the breach or impersonate the affected company
  3. Contact your bank or card issuer to request a replacement card
  4. Review recent statements for unauthorized transactions
  5. Be alert for social engineering attempts using your exposed personal information
  6. Enable two-factor authentication on the affected service if available
  7. Consider using a password manager to generate unique passwords for each service

FAQ

Was my data in the Ameriprise breach?
Check HaveIBeenPwned.com to see if your email address was included in the Ameriprise breach. The breach exposed 502,597 records containing Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses.
What should I do if my data was exposed in the Ameriprise breach?
Change your password on the affected service immediately. Enable two-factor authentication. If financial data or government IDs were exposed, place a fraud alert with credit bureaus and monitor your accounts for unauthorized activity.
When did the Ameriprise data breach happen?
The Ameriprise breach occurred on 2026-03-02. It was added to the HaveIBeenPwned database on 2026-05-26. The breach affected 502,597 accounts.

Need Incident Response?

Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.

Get Incident Response Help