Financial Firms Face Class Action Lawsuits Over Data Breaches as FINRA Launches Cyber Threat Portal Cetera Financial and Ameriprise are the latest financial services firms embroiled in class action lawsuits over alleged data breaches, with customers accusing both companies of failing to safeguard sensitive client information. In a lawsuit filed by California resident Jennifer Collier, Cetera is accused of negligence after an unauthorized actor accessed an employee’s email account last summer. A subsequent review in January revealed that client data including names, Social Security numbers, and account details may have been exposed. The suit argues that Cetera’s security measures were inadequate, leaving affected clients vulnerable to long-term identity theft and financial fraud. Separately, Ameriprise faces a class action led by Pamela Caffrey, alleging a March 22 breach by the cybercriminal group ShinyHunters. The ransomware attack reportedly compromised Salesforce records containing personally identifiable information (PII) and over 200GB of internal data. Caffrey’s suit claims Ameriprise failed to notify victims, leaving them unaware of the exposure and at continued risk. The firm stated it contained the breach, confirmed no business disruptions, and asserted that the plaintiff’s PII was not impacted. Both incidents follow a string of recent breaches targeting financial firms, including Mercer Advisors, Hightower Advisors, and Edelman Financial Engines. Amid rising cyber threats, the Financial Industry Regulatory Authority (FINRA) has launched the Financial Intelligence Fusion Center, a secure portal for member firms to report and coordinate responses to cyber risks. Designed to provide actionable threat intelligence, the platform aims to bolster defenses, particularly for smaller firms lacking dedicated cybersecurity resources. FINRA CEO Robert Cook previously noted the center would leverage internal and external data to enhance risk mitigation.

Cetera Financial Group Discloses Data Breach Affecting Employee Email Account Cetera Financial Group, a San Diego-based network of independent financial advisors and broker-dealers, recently reported a data breach stemming from unauthorized access to an employee email account. The incident, detected after suspicious activity was identified, occurred between July 7 and August 21, 2025, though the company only confirmed the exposure of personal information on January 30, 2026. Notifications to affected individuals began on March 25, 2026, with 110 New Hampshire residents identified as potentially impacted. The total number of affected individuals nationwide remains undisclosed. Exposed data varied by individual but included names, Social Security numbers, driver’s license numbers, and financial account information. In response, Cetera Financial Group is offering complimentary credit and identity monitoring services through IDX for 12 or 24 months, depending on state regulations. Affected individuals must enroll by June 25, 2026, using a unique code provided in their notification letter. The company has also set up a dedicated call center (1-855-830-5994) and a mailing address for inquiries. The breach highlights a six-month gap between the initial unauthorized access and the confirmation of exposed data, followed by an additional two-month delay before notifications were sent.

The Maine Office of the Attorney General reported that on June 9, 2022, Cetera Financial Group (CFG) experienced a data breach involving unauthorized access to its third-party printing service provider, R.R. Donnelley & Sons Company. The breach occurred between November 29, 2021 and December 23, 2021 and potentially exposed the Social Security numbers of 2 Maine residents among a total of 2,188 affected individuals; CFG has offered 12 months of credit monitoring services through Experian to those impacted.

The California Office of the Attorney General reported a data breach involving Cetera Financial Group, Inc. on August 21, 2020. The breach occurred on April 6, 2020, when an unauthorized person accessed an employee's email account, potentially exposing personal information, although the exact number of individuals affected is unknown.