Ameriprise Financial, a US-based financial services company providing wealth management and investment services, has been listed by the hacking group ShinyHunters as a target of an alleged data breach, according to security monitoring reports and threat intelligence sources.
The group claimed it had accessed and extracted data from the company’s systems and added Ameriprise to its leak site, where victims are typically named as part of extortion attempts. According to breach monitoring data, the alleged dataset linked to the incident is estimated to be around 200 GB.
ShinyHunters is known for data theft and extortion campaigns in which stolen information is used as leverage to demand payment from targeted organisations. The group has previously carried out attacks against companies across multiple sectors, including financial services, often relying on social engineering and credential theft techniques to gain access to systems.
At the time of reporting, there has been no public confirmation from Ameriprise Financial regarding the breach or the claims made by the attackers. Security researchers note that listings on leak sites are sometimes posted before incidents are independently verified, and the full scope of any potential exposure remains unclear.
Recent activity linked to ShinyHunters has involved campaigns targeting enterprise authentication systems and cloud services. Investigations into similar incidents have found that attackers often use methods such as voice phishing to obtain login credentials and bypass multi-factor authentication, allowing access to connected corporate platforms.
The alleged Ameriprise incident follows a series of breaches attributed to the group in 2026, affecting organisations in sectors including finance, technology, and consumer services. In many cases, attackers have focused on extracting data rather than encrypting systems, with the objective of pressuring companies through the threat of public disclosure.
No details have been confirmed regarding the type of data potentially involved in the Ameriprise case, and it remains unclear whether customer information, internal records, or other data categories are included in the claimed dataset. Investigations into the incident are ongoing.