Ameriprise
EVIDENCE FILE
CASE CONTEXT
This TRACED record summarizes the public breach profile for Ameriprise. The file tracks the known incident date, the date the breach surfaced publicly, the estimated account exposure, and whether Have I Been Pwned currently marks the case as verified. It is written for quick risk review, source attribution, and follow-up checks by people who need a plain-English view of what was exposed.
The reported data classes include Email addresses, Employers, Financial transactions, Job titles. If the case includes passwords, reused credentials should be treated as compromised and replaced anywhere they were used. The password checker on TRACED uses the Have I Been Pwned k-anonymity range API so the full password is never sent off the device.
Each case page is intentionally narrow: it separates the public incident record from account recovery advice, keeps the source data visible, and avoids collecting visitor identifiers. Use it as a starting point for reviewing exposure, then confirm account-specific impact with the affected service and your password manager.
RISK REVIEW
The affected data classes for Ameriprise are listed as Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses. TRACED repeats those fields in plain language because the practical response depends on the type of information exposed. Email addresses and usernames can support phishing or account enumeration, profile data can help with impersonation, and financial or government identifiers require a more careful fraud review.
Have I Been Pwned currently marks this breach as verified, which means the service has reviewed the incident record against its source standards. The breach date is recorded as MAR 2026, and the exposure estimate is 502,597 accounts. Those numbers describe the public incident record, not a guarantee that a specific visitor had an account in the service or that every exposed record contained the same fields.
This public record does not list passwords among the exposed data classes. It can still support phishing, account recovery abuse, or identity profiling when combined with other breach records. HIBP does not mark this breach as sensitive, but the exposed data can still matter if it helps attackers identify, profile, or credential-stuff affected users. For personal cleanup, start with password reuse, two-factor settings, recovery email security, and alerts from the affected service. For research, use the case file as a source pointer and compare it with the original HIBP entry before citing exact impact.
DISCOVERY GAP
2 months passed before this incident was disclosed.