Ameriprise Financial Data Breach: ShinyHunters Leaks 200GB, Over 502,000 Accounts Added to HIBP

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • Massive Data Exfiltration: ShinyHunters said it stole over 200GB of compressed data from Ameriprise Financial in Marc
  • Extortion Campaign Execution: After ShinyHunters leaked data post-negotiations, the company disclosed that approximately 48,000 individuals had been affected.
  • Widespread Account Impact: Breach notification service HIBP added 502,600 affected Ameriprise Financial accounts.

The March 2026 Ameriprise Financial data breach was officially added to Have I Been Pwned (HIBP) on May 26, 2026, with the service reporting that 502,600 accounts were affected. The ShinyHunters threat actor named the financial services firm in a targeted "pay or leak" extortion campaign, demanding payment to secure the stolen intelligence.

Ameriprise reported exactly 47,876 affected individuals in its regulatory disclosure, which stated that the data breach occurred on March 3 and was discovered on March 18. 

Ameriprise Financial Compromise

ShinyHunters claimed possession of more than 200GB of compressed data, reportedly exfiltrated directly from Ameriprise's Salesforce environment and internal SharePoint infrastructure.

When negotiations between the firm and the extortionists allegedly failed, the group published the dataset online. The published data contained 500,000 unique email addresses, along with names, phone numbers, physical addresses, and employer information.

The larger email address population comprises contacts from Ameriprise's broader operational systems, including internal staff members, the breach notification service said. The compromised data categories identified by HIBP include:

Incident Response and Identity Verification

To secure the compromised environment and protect users, Ameriprise Financial stated that it has implemented heightened account monitoring, including enhanced identity verification procedures. 

The exposure of financial transactions and job titles provides threat actors with high-value material for targeted social engineering and secondary attacks.

This month, ShinyHunters claimed new breaches, including a 7-Eleven data breach exposing over 185,000 accounts, a Woflow data breach affecting 448,000 accounts, and almost 120,000 accounts in a Vimeo intrusion.

