On September 13, 2022, Ameriprise Financial, Inc. filed official notice of a data breach with the Massachusetts Office of Consumer Affairs and Business Regulation after the company confirmed that sensitive information in its possession was subject to unauthorized access. According to Ameriprise, the breach resulted in the names, Social Security numbers and financial account numbers belonging to some clients being compromised. Recently, Ameriprise sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
Given the nature of the sensitive information leaked as a result of the Ameriprise data breach, anyone who receives a data breach letter from Ameriprise Financial is at a heightened risk of identity theft and other frauds.
More About the Ameriprise Financial Data Breach
News of the Ameriprise data breach is still developing, and the company has not yet publicly revealed what led to the breach. According to an official filing with the Massachusetts Office of Consumer Affairs and Business Regulation, the Ameriprise breach involved the names, Social Security numbers and account information of certain clients. This marks the fourth data breach that Ameriprise has reported with the Massachusetts Office of Consumer Affairs and Business Regulation in 2022.
While the company has yet to confirm the total number of individuals affected by the recent data security incident, it confirmed that there were at least 85 victims in Massachusetts alone. This number may increase dramatically as the company reports the breach to other state regulatory agencies.
On September 13, 2022, Ameriprise Financial sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Additional Information About Ameriprise Financial, Inc.
Founded in 1894, Ameriprise Financial, Inc. is a financial services company based in Minneapolis, Minnesota. The company provides clients with a wide range of investment, banking, and insurance products focused on helping clients meet their investment, retirement, tax planning, and estate planning goals. Recently, the company reported having $1.2 million in assets under management and administration. Ameriprise is publicly traded on the New York Stock Exchange under the ticker symbol “AMP.” Ameriprise Financial employs more than 12,000 people and generates approximately $13 billion in annual revenue.
How Do Data Breaches Happen?
Data breaches are becoming more common. Just over a decade ago, in 2021, there were an estimated 419 data breaches reported. However, last year, there were 1,862 breaches reported—more than four times the number from a decade prior. However, despite the fact that more than 189 million people were affected by a data breach in 2021, many consumers and businesses underestimate the harm these incidents can cause.
Why are data breaches on the rise? The answer, simply put, is that they generate millions of dollars of illegal revenue for hackers. The reason hackers and cybercriminals carry out data breaches is to obtain sensitive consumer information they can use—either to commit fraud against the victims or to sell the stolen information to a third party.
There are a few different ways hackers can orchestrate a data breach. Most data breaches involve either malware or ransomware attacks. Malware is short for malicious software, which is a program that is intended to disrupt a company’s computer system. Most malware programs are designed to transmit information contained on a company’s network back to the hackers. For example, hackers may orchestrate a data scraping attack by installing malicious code on an e-commerce site to skim consumers' credit card information as they make a purchase.
Another way hackers steal consumer information is through a ransomware attack. Ransomware attacks use a specific type of malware that encrypts some or all of the company’s files, preventing them from accessing their network. When company employees try to get logged back into their computers, they are met with a message from the hackers demanding they pay a ransom. If the company doesn’t pay the ransom, the hackers may refuse to grant access to their company’s network. More recently, hackers have also started to threaten to leak stolen information on the dark web if a ransom goes unpaid.
While these two types of cyberattacks differ, the end result is always the same: hackers end up in possession of sensitive consumer information that was entrusted to a company. While hackers obtain all types of data, they usually target those data types which are most profitable, including:
Bank account numbers,
Credit and debit card numbers,
Protected health information, and
Social Security numbers.
Given the importance of this information—and how easy it is for hackers or other criminals to steal a victim’s identity—it is essential that companies take their data security responsibilities seriously. Similarly, it is imperative that data breach victims understand their rights as well as what they can do to protect themselves in the event of a data breach.
While there may not be anything you can do to prevent a breach in the first place, there are steps you can take after learning about a breach to protect yourself. As we’ve discussed in previous posts, you may also be able to pursue a claim for compensation against the company for leaking your information.