Hackers threaten Ameriprise Financial with 200GB data leak

Published: 25 March 2026
Last updated: 26 March 2026
data-ameriprise-financial
Image by Cybernews.

The ShinyHunters hacker group has identified Ameriprise Financial as its latest victim, threatening to release hundreds of gigabytes of the firm's data if it doesn’t pay a ransom.

Key takeaways:
  • Hackers threaten Ameriprise Financial with data leak unless ransom paid by March 25, 2026 deadline.
  • Attackers claim possession of 200GB Salesforce customer data and SharePoint files stolen from financial services firm.
  • Ameriprise manages $1.17 trillion in assets and faces identity theft risks for customers if breach confirmed.
  • ShinyHunters exploits Salesforce vulnerability to target multiple firms including Bumble, Match, and investment advisors recently.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

After publishing a data breach claim of Ameriprise Financial on the dark web, ShinyHunters said: “This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that’ll come your way.”

ADVERTISEMENT

“Make the right decision,” the notorious extortion gang urged the company, claiming it’s now in possession of Ameriprise Financial Salesforce records containing customer personally identifiable information and over 200GB of compressed SharePoint internal data.

Ameriprise Financial is a Minneapolis-based diversified financial services company providing wealth management, asset management, and retirement solutions. The company manages over $1.17 trillion in assets.

We’ve reached out to Ameriprise Financial for comment and will update this article once we receive a reply.

How dangerous is the alleged Ameriprise data breach?

According to Cybernews researchers, if there is customer PII present in the dataset – a sample of which isn’t provided, so it’s impossible to verify the claims – it puts the company at risk of identity theft and fraud.

“Besides, since Ameriprise specializes in financial planning, investment management, and similar services, there’s a risk that customer confidential financial data is exposed – as well as investment portfolios that could be used to manipulate the stock market,” our researchers explained.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us
ADVERTISEMENT

The data breach could cause legal consequences for Ameriprise, and its reputation would also be on the line, likely resulting in loss of clients.

The ransomware attack was reported to have occurred on March 22nd. It seems that ShinyHunters has once again used the data it pilfered during its infamous Salesforce heist last year.

If what they claim is true, the attackers must have gained access to Ameriprise’s Salesforce environment.

A data security incident wouldn’t actually be a new experience for the company. In April 2025, Ameriprise Financial informed thousands of its customers that an ex-employee’s mistake revealed their personal details.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

ShinyHunters’ attack spree

Meanwhile, ShinyHunters targeted Salesforce last year, threatening to target hundreds of its customers if the company refused to pay a ransom. The gang is also known for using social engineering to obtain login credentials from the target organization's staff.

The gang has been dominating headlines following several high-profile attacks on well-known companies.

ShinyHunters has recently claimed attacks against Bumble, dating apps Hinge, Match, and OkCupid, as well as two heavyweight US investment advisory firms – Mercer Advisors and Beacon Pointe Advisors.

Just this week, the gang threatened to reveal all data stolen from Infinite Campus, a widely used supplier of a popular Student Information System. The company admitted that an unauthorized actor managed to gain access to an employee’s Salesforce account.

ADVERTISEMENT
Has my data been leaked?
Check Now

Was Ameriprise Financial hacked by ShinyHunters?

ShinyHunters has claimed responsibility for breaching Ameriprise Financial, posting a threat on the dark web demanding a ransom by March 25th, 2026. The attackers allege they possess Ameriprise's Salesforce customer records and over 200GB of compressed SharePoint data. Ameriprise has not yet publicly confirmed or denied the breach.

Is my Ameriprise investment account or personal data at risk?

No sample data has been shared by the attackers, so the scope of exposed customer data cannot be independently verified at this time.

How did ShinyHunters gain access to Ameriprise's data?

The attack appears to leverage data stolen during ShinyHunters' Salesforce heist from last year, in which the gang threatened to target hundreds of Salesforce customers. The gang is also well known for social engineering attacks, impersonating IT support to trick employees into handing over login credentials.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked