</>ScanMyVibe
SCAN FREE
← BREACH ALERTS
HIGH2026-03-02via haveibeenpwned

🚨 Ameriprise Breach — 503K Accounts Exposed

Ameriprise suffered a data breach affecting 503K accounts. Here's what happened, what data was exposed, and what you should do right now.

502,597
ACCOUNTS
HIGH
SEVERITY
7
DATA TYPES

What Happened

In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".

Impact

  • Affected accounts: 503K
  • Data exposed: Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses
  • Severity: HIGH
  • Source: [haveibeenpwned](https://haveibeenpwned.com/PwnedWebsites#Ameriprise)

    • What You Should Do

    If you have an account with Ameriprise, take these steps immediately:

  • **Change your password** — Use a unique, strong password (16+ chars with mixed case, numbers, symbols)
  • **Enable 2FA** — Turn on two-factor authentication if available
  • **Check your email** — Search for breach notifications from Ameriprise
  • **Monitor your accounts** — Watch for unauthorized access on any service where you reused the same password
  • **Scan your site** — If you run a website, [run a free ScanMyVibe scan](https://scanmyvibe.co/scan) to check if your own security headers and configurations protect against common attack vectors

    • Is Your Website Secure?

    Data breaches often exploit weak security configurations — missing Content-Security-Policy headers, misconfigured CORS, exposed API keys. These are exactly the issues ScanMyVibe detects in under 30 seconds.

    [Scan your site free →](https://scanmyvibe.co/scan)

    Timeline

  • 2026-03-02 — Breach reported
  • 2026-03-02 — ScanMyVibe breach alert published
  • Ongoing — Investigation in progress

    • This article is auto-generated by ScanMyVibe's breach monitoring system. Sources are verified but details may evolve as investigations progress. Last updated: 2026-05-26.

    IS YOUR SITE NEXT?

    Scan your website for the same vulnerabilities that cause breaches like this one.

    SCAN FREE — 150+ CHECKS