Tens of millions of pounds of investment portfolios were revealed in the Ameriprise data leak
data protection

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Tens of millions of pounds of investment portfolios were revealed in the Ameriprise data leak

Not all data breaches stem from hacking; sometimes it just leaks out.

An employee working at financial planning giant Ameriprise unintentionally exposed personal information of customers, which included hundreds of investment portfolios worth tens of millions of pounds.

So you can say this is a big leak.

Discovery of the Ameriprise data leak

The data leak was discovered by Chris Vickery, a lead researcher for the security team at MacKeeper. Vickery noticed that the system was exposed while performing a random scan. The data was found on a network storage device at the employee’s home, which was set to synchronise over the internet with his backup drive at the office.

When Vickery found the chunk of data, he alerted and supplied the data to the company. One investment portfolio that was leaked involved a Massachusetts couple who had over £1 million in retirement funds. The portfolio also contained highly sensitive notes and letters which detailed the couple’s future plans.

What personal information was leaked?

Alarm bells are going off here as there was neither a secure backup system nor a password at the employee’s drive at home. This would’ve allowed almost anyone a full view of the sensitive information stored on his drive.

The information stored on the drive included social security numbers, bank accounts, and financial planning data on around 350 ‘high-value’ clients. The information leaked wasn’t restricted to just clients, and also contained personal information belonging to the employee, including a backup of his password manager’s data.

The database was found on Shodan, a search engine for open and unsecured databases for devices connected to the internet. As was the case for the employee’s drive.

Responsibility of the employee or the company?

The employee hasn’t been named, but his clients will be notified of the breach by the company. This could be because Ameriprise is one of the largest companies in America, if the employee was named, this could tarnish the reputation of that specific branch/franchise.

Ameriprise are taking the data leak very seriously given the tight regulations it has to abide by. As they retrieve both of the backup drives and examine them in an internal lab, I’m sure that they’ll come under fire for why the backup was left unprotected to start with. This highlights the lack of regulation that they have and/or the lack of enforcement powers on employees.

Employee blames the company

The employee blames the company for providing him with the office backup drive. However, the company denies this, saying: “we provide a secure online storage solution for this information”. When working from home, employees are required to file and sign an information security policy, which explains how the employees are responsible for safeguarding client information. Ironically, this was one of the documents that was exposed.

Regardless of whether it was the employee or the company at fault, both of them have the responsibility to ensure that their client’s personal information is stored securely. This is even more important where tens of millions of pounds of investment portfolios are at stake.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon