AFSL A.I CyberSecurity Scoring
AFSL
Company Information
Website:http://www.ameriprise.com/?cid=LinkedInHome
Employees number:17,552
Number of followers:218,937
NAICS:52
Industry Type:Financial Services
Homepage:ameriprise.com
AFSL Risk Score (AI oriented)
Between 0 and 549
AFSLFinancial Services
Updated:
19/05/2026
19/05/2026
531/1000
Critical
C
AFSL Global Score (TPRM)
xxxx
AFSLFinancial Services
Score locked

AFSLCritical
Current Score
531C (CRITICAL)
01000
10 incidents
-58 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
537
JUNE 2026
536
MAY 2026
545
APRIL 2026
540
MARCH 2026
589
Breach
02 Mar 2026 • AFSL
Ameriprise Financial: Ameriprise Discloses Second Data Breach in Less Than Six Months
Ameriprise Financial Second Data Breach in Six Months
532
CRITICAL-57
AME1776789651
Ameriprise Financial Hit by Second Data Breach in Six Months, Impacting Nearly 50,000 Clients
Ameriprise Financial has disclosed a second data breach in less than six months, exposing the personal information of nearly 50,000 individuals. According to a filing with Maine state regulators on April 17, the breach occurred between March 2 and 18, compromising names and other "personal identifiers" of 47,876 people, including 335 Maine residents.
In a letter to affected clients, Ameriprise’s Director of Compliance, Jennifer Swihart, confirmed that an unauthorized individual accessed stored data and files. The company responded by blocking the intruder, launching an investigation with external cybersecurity experts, and offering free identity protection services to impacted customers. Ameriprise emphasized that no unauthorized transactions or fund movements occurred, and business operations remained unaffected.
The breach follows a December 2023 incident in which a phishing attack targeted one of the firm’s advisors, potentially exposing 598 individuals. That attack involved a fraudulent email disguised as a legitimate client communication. While Ameriprise found no evidence of data misuse in that case, it issued precautionary notifications to affected clients.
Ameriprise, a Minneapolis-based broker-dealer with approximately 10,000 advisors, has not disclosed how the latest breach occurred. The company previously highlighted its multi-layered security measures and an "online security guarantee" protecting against unauthorized fund transfers. Both incidents underscore ongoing cybersecurity challenges for financial services firms.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
589
JANUARY 2026
581
DECEMBER 2025
577
NOVEMBER 2025
623
Breach
11 Nov 2025 • AFSL
Ameriprise Financial Services and LLC: Ameriprise Data Breach Exposes SSNs & Financial Details
Ameriprise Financial Services Data Breach
573
CRITICAL-50
AME1767368489
Ameriprise Financial Data Breach Exposes Sensitive Client Information
On August 26, 2025, Ameriprise Financial Services, LLC, a major U.S. financial services provider, detected a data breach stemming from a phishing attack on November 11, 2024. The incident compromised personally identifiable information (PII) and protected health information (PHI) of hundreds of current and former clients, including at least 411 Texas residents and individuals in Maine and Massachusetts.
The breach occurred when an unauthorized actor gained temporary access to client data through a phishing attack targeting an advisor’s office staff member. Exposed information included names, addresses, Social Security numbers, dates of birth, driver’s license numbers, financial account details, and in some cases, medical records and dependent information.
Ameriprise reported the breach to the Maine Attorney General’s office on September 11, 2025, followed by notifications to New Hampshire and Massachusetts on December 22, 2025, and Texas on December 29, 2025. Affected clients were notified via U.S. Mail on September 8, 2025.
In response, Ameriprise confirmed the deletion of exposed data by unintended recipients and implemented enhanced security measures, including stricter verification procedures for account requests. The company is offering one year of complimentary credit monitoring and identity restoration services through Equifax Complete Premier to impacted individuals.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
640
Cyber Attack
10 Nov 2025 • AFSL
Cetera Financial, Ameriprise, Hightower Advisors, LPL Financial and Edelman Financial Engines: LPL Financial Reports Cybersecurity Breach
LPL Financial Cybersecurity Breach Affecting 1,581 Clients
573
CRITICAL-67
AMEHIGLPLEDE1777062318
LPL Financial Reports Cybersecurity Breach Affecting 1,581 Clients
LPL Financial disclosed a cybersecurity incident that led to unauthorized securities transactions and financial transfers in some client accounts. The breach, which occurred on November 10, 2025, was discovered 10 days later and reported to Maine’s Attorney General.
The attack stemmed from malware distributed via phishing messages, compromising a limited number of financial advisors’ devices and granting unauthorized access to LPL’s web-based advisor portal. While the firm found no direct evidence that sensitive client data was accessed, it could not rule out the possibility. A total of 1,581 clients were affected, including two in Maine.
Upon discovery, LPL halted the unauthorized activity, secured affected accounts, and restored impacted accounts to their original financial positions. The firm also contacted law enforcement, conducted an internal investigation, and implemented new technical safeguards to strengthen security. No ongoing compromise was detected. Affected clients were offered two years of complimentary Experian credit monitoring.
This incident follows a separate October 2025 breach at LPL, where foreign threat actors exploited advisor accounts in a "hack pump-and-dump" scheme to manipulate stock prices. LPL is among several financial firms including Cetera Financial, Ameriprise, Hightower Advisors, and Edelman Financial Engines targeted by cybercriminals in recent months. The ShinyHunters extortion group, linked to breaches at Ameriprise and Mercer Advisors, has been a recurring threat in these attacks. Many of these incidents have been exposed through class action lawsuits alleging inadequate data protection.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
638
SEPTEMBER 2025
634
AUGUST 2025
631
APRIL 2025
665
Breach
29 Apr 2025 • AFSL
Ameriprise Financial Services, LLC
Data Breach at Ameriprise Financial Services, LLC
616
HIGH-49
AME449072625
The Minnesota Office of the Attorney General reported a data breach involving Ameriprise Financial Services, LLC on May 5, 2025. The breach occurred on April 29, 2025, when an advisor mistakenly sent a document containing personal information, including names, addresses, and Social Security numbers, to their personal email account. The number of affected individuals is currently unknown.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2024
721
Breach
17 Aug 2024 • AFSL
Ameriprise Financial: Client information data breach costs Fidelity $1.25 million in Massachusetts fine
Fidelity Brokerage Services Cyberattack
641
CRITICAL-80
AME1777303499
Fidelity Brokerage Services Hit by Three-Day Cyberattack in August 2024, Exposing Sensitive Customer Data
In August 2024, Fidelity Brokerage Services suffered a three-day cyberattack that exposed the personal and financial data of approximately 77,000 customers, including passport details, driver’s license numbers, Social Security numbers, credit card information, and medical records. The breach, which occurred between August 17 and 19, was the result of a vulnerability in Fidelity’s online access controls, allowing unauthorized access to a document repository.
A bad actor exploited a flaw in the system’s "Image ID" parameter, enabling them to manipulate browser URLs to view other customers’ documents. While Fidelity detected and halted the breach within days, the Massachusetts Secretary of the Commonwealth, William Galvin, issued a $1.25 million fine against the firm for failing to enforce adequate cybersecurity measures. The consent order revealed that Fidelity’s security policies were not properly enforced, allowing users to access documents beyond their own accounts.
The breach affected not only Fidelity customers but also beneficiaries and relatives, including minors, whose data was compromised. While Fidelity notified impacted customers, it failed to alert all affected individuals, including non-customers whose information was exposed.
Fidelity stated that no customer accounts or funds were accessed during the incident and that there has been no evidence of identity theft or fraud resulting from the breach in the nearly two years since. The company has since taken steps to remediate the issue and strengthen its security protocols. The incident adds to a growing list of financial firms targeted by cyberattacks in recent years, including LPL Financial and Ameriprise Financial, which have also reported data breaches.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2023
729
Breach
19 Jan 2023 • AFSL
Ameriprise Financial Services, LLC
Data Breach at Ameriprise Financial, Inc.
681
MEDIUM-48
AME300072525
The Maine Office of the Attorney General reported a data breach involving Ameriprise Financial, Inc. on January 23, 2023. The breach occurred on January 19, 2023, due to inadvertent disclosure of a personal email containing sensitive information, affecting 2 individuals, specifically involving Social Security Numbers. Identity theft protection services were offered for one year at no charge, administered by EZ Shield, Inc.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2022
765
Breach
01 Jun 2022 • AFSL
Ameriprise Financial Services, LLC
Ameriprise Financial Data Breach
716
CRITICAL-49
AME223321022
Ameriprise Financial, Inc. suffered a data breach after an unauthorized party gained access to its computer network.
The breach compromised sensitive consumer data including the names, Social Security numbers and account numbers of certain clients.
Ameriprise reported the breach to the authorities and also informed the affected parties.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2020
730
Breach
01 Jan 2020 • AFSL
Fidelity Investments, LPL Financial, Mercer and Ameriprise Financial: Fidelity's $2.5M Data Breach Settlement: What Clients Should Know
Fidelity Investments Data Breach and Fine
663
CRITICAL-67
FIDLPLAMEMER1779194480
Fidelity Fined $1.25M Over Data Breach as Financial Sector Faces Rising Cybersecurity Risks
A recent data breach at Fidelity Investments has resulted in a $1.25 million fine, highlighting growing cybersecurity vulnerabilities in the financial services sector. The breach, which exposed sensitive client information, was part of a broader pattern of cyber incidents affecting major firms, including Ameriprise Financial and Mercer, both of which have faced legal and regulatory repercussions.
Key Details:
- Fidelity’s Breach & Fine: The company was penalized for failing to adequately protect customer data, though specifics of the breach such as the number of affected individuals remain undisclosed. The fine follows a separate $2.5 million settlement related to an earlier incident.
- Ameriprise Breach: Nearly 48,000 clients were impacted by a data exposure, though the company has not released full details on the cause or scope.
- Mercer’s Legal Challenges: The consulting firm is facing lawsuits over a data breach, underscoring the legal and financial risks of cybersecurity failures.
- LPL Financial Incident: A phishing attack led to unauthorized transactions, demonstrating how social engineering remains a persistent threat to financial institutions.
Broader Impact:
These incidents reflect escalating cyber threats targeting wealth management, investment advisory, and insurance firms. Regulatory scrutiny is intensifying, with fines and legal actions serving as a warning to the industry. The breaches also raise concerns about the exposure of Social Security numbers, client financial records, and other sensitive data, which could lead to identity theft or fraud.
As financial firms grapple with evolving cyber risks, the fallout from these breaches underscores the need for stronger security measures and compliance protocols.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2019
776
Breach
18 Nov 2019 • AFSL
Ameriprise Financial Inc.
Data Breach at Ameriprise Financial Inc.
728
MEDIUM-48
AME433071725
The Indiana Office of the Attorney General reported a data breach involving Ameriprise Financial Inc. on November 20, 2019. The breach occurred on November 18, 2019, affecting a total of 1 individual. The breach involved the unauthorized access to personal information, which could potentially lead to financial or reputational damage.
INCIDENT DETAILS -
TYPE
REFERENCES
JANUARY 2018
810
Breach
01 Jan 2018 • AFSL
Ameriprise Financial, Inc.
Ameriprise Financial Data Breach
757
HIGH-53
AME929072525
The Maine Attorney General's Office reported a data breach involving Ameriprise Financial on April 16, 2025. The breach, discovered on January 27, 2025, was due to insider wrongdoing and potentially affected 4,623 individuals, including 81 residents of Maine. The compromised information included personal data shared by a former advisor during a transition to a different financial firm.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for AFSL ??
What was AFSL's A.I Rankiteo Cyber Score in June 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in May 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in April 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in March 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in February 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in January 2026 ??
What was AFSL's A.I Rankiteo Cyber Score in December 2025 ??
What was AFSL's A.I Rankiteo Cyber Score in November 2025 ??
What was AFSL's A.I Rankiteo Cyber Score in October 2025 ??
What was AFSL's A.I Rankiteo Cyber Score in September 2025 ??
What was AFSL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on AFSL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with AFSL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view AFSL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?