- Investments >
- Insurance >
- Banking and Lending >
Facts
Next Steps
Additional Questions
Facts:
What are the facts surrounding this incident and the risk to my personal information?
In late December, an Ameriprise Financial laptop computer was stolen from an offsite location. The computer contained a data file with names and some Ameriprise Financial account information of some of our clients. We have been working with our information security experts, and they have advised us that it is unlikely this incident will affect you., however in a situation like this, we wanted you to know the facts, as well as the actions we are taking to assist you in proactively protecting your personal information.
Can you provide more details on the theft (e.g. when and where it happened, whose laptop it was, etc.)
We have provided all the relevant details that we are able to share at this time. The release of additional details of the theft could inadvertently notify the thief of what the laptop contains as well as compromise the ongoing investigation and management of this incident.
Was it my advisor's fault? Did he have the laptop? Does my advisor have my information on his laptop and is it secure?
The incident involved the laptop computer of a corporate office employee not an advisor. Your financial advisor was not involved in the incident. Existing policies and procedures for advisor's computers restrict access to personal information and specify security controls for use, transfer and transport of such information. This unfortunate incident will provide an illustrative example to further reinforce past and current training initiatives and the need for strict adherence to our policies and procedures.
Does my advisor know? Why didn't he/she tell me?
We have communicated to advisors which of their clients are impacted by this incident. Due to the, notification requirements, time sensitive nature of and effort required to respond in this situation, the most compliant, practical and reliable approach was to send written notice directly to the affected individuals and then notify advisors of which clients were affected.
What is the likelihood that the thief was looking for personal financial information?
Based on what we know, especially the facts surrounding the theft, we believe this was a random criminal act and that it's very unlikely your information will be misused or even discovered. Since the theft occurred, we have not received any reports of unusual or unauthorized account activity as a result of this incident.
Is the information in the file enough for someone to access my accounts?
The data file in question contained names and some Ameriprise Financial account information. It is important to note that your name and account numbers alone are not enough information for someone to access or transact business in your Ameriprise accounts.
Was there information on any of my accounts outside of Ameriprise Financial on the computer?
No other personal identity information or data on accounts outside of Ameriprise were in the file.
Does this incident put me at increased risk of identity theft?
The file in question contains no personal identity information, such as social security number, passport number or driver's license number, that would normally be associated with identity theft.
What is being done to try to recover the computer?
We have been working closely with law enforcement authorities but have been unable to recover the laptop to date.
Why has so much time passed since the theft before I was notified?
The time that has passed since we were first notified of the theft was needed to recreate all of the lost information, determine the full lists of those affected and prepare the letters for mailing to affected individuals.
Why was this information on this computer to start with?
The employee needed the information to perform legitimate business analysis and reporting as part of their regular job. This particular employee's responsibilities included working directly with client information as part of our client assignment process. This includes clients who had an advisor change during the time period in question (July 2005-November 2005). That being said, the information should not have been removed from the corporate office on a laptop that was password-protected but without additional data security measures as required by company policy.
Was the information safeguarded? Does Ameriprise Financial have policies in place to prevent these types of incidents?
The laptop itself was password protected but the additional data security measures that are required by company policy were not implemented. Ameriprise Financial has written policies on both the security of equipment taken off premises and the proper security of client data which in this case were clearly violated by the employee.
Was the person/people responsible for this incident disciplined and/or fired?
The company completed an internal review of the incident and concluded that the information should not have been removed from the corporate office on a laptop without the proper data security measures in place as required by company policy. The employee was appropriately disciplined for this violation which in this case resulted in termination of employment.
If the risk of my information being used is low, why are you notifying me of the incident?
The facts surrounding this incident would have required us to notify clients in a handful of states. However, our policy on situations like this is to take a more proactive and complete approach by notifying all affected clients. We feel it's important that you know what has happened even though we believe the risk associated with the incident is very low.
Next Steps:
What steps is Ameriprise Financial taking to protect my accounts from being accessed?
We have implemented special notification messages for our service associates, informing them of the incident and instructing them to pay particular attention to anyone who tries to access these accounts without all the specific information necessary. Although it's part of our standard operating procedure, we have reminded them to follow normal authentication protocol and watch closely for any signs of fraudulent activity.
Can I still make transactions within my Ameriprise accounts while this process is going on?
Yes. If you need to make transactions within any of your Ameriprise accounts, you should contact your personal financial advisor or call the standard Brokerage or Service Delivery numbers as you normally do. The additional scrutiny we have added to the front end process does not impact your ability to do business with us.
Is there anything I should be doing to protect my accounts?
Although we believe, and industry research of similar cases suggests, the risk to your accounts is extremely low, you should monitor activity in your Ameriprise Financial accounts and read your client account statements when you receive them to make sure your accounts are in order.
Do I need to get credit monitoring or put security alerts in place with the credit bureau?
The nature of the data that was contained in the client file does not present a risk of identity theft. Credit monitoring and security alerts specifically protect against identity theft. We have taken extra precautions to watch for potential fraudulent activity in your Ameriprise accounts and you can monitor your own activity and clients statements to make sure your accounts are in order.
Will you change my account numbers?
This incident will not require us to change client account numbers. Your name and account numbers alone are not enough information for someone to access or transact business in your Ameriprise accounts. We believe that the process of placing special notification messages for our service associates, informing them of the incident and instructing them to pay particular attention to anyone who tries to access these accounts without all the specific information necessary, will provide sufficient protection.
Can I speak with someone directly about this incident?
If you have any additional questions or would like further assistance, you can call us at 1-877-267-7408. The operating hours for this number are Monday through Friday 7 a.m. to 6 p.m. Central Time.
What if I have specific questions about my Ameriprise accounts unrelated to this incident? Can you help me make transactions or close out my accounts?
If you have any concerns or questions about your accounts with us, or need to make changes or transactions within your accounts, please contact your personal financial advisor or call Service Delivery at 1-800-862-7919.
What are you doing to make sure this doesn't happen again?
Upon learning of this incident, our information security staff reviewed the matter and recommended corrective action for the business process that led to this incident to the business leader who supervises that activity. Those changes have been implemented. We routinely review and refresh our policies and procedures and offer periodic employee and advisor training on information security. This unfortunate incident will provide an illustrative example to further reinforce past and current training initiatives and the need for strict adherence to our policies and procedures.
Additional Questions:
A friend of mine received your letter and let me know about the incident but I have not received a letter; am I affected by this incident?
All clients whose information was contained in the file should have received a letter. If you have not received a letter and are concerned your mail may have been lost or misrouted, you may call us at 1-877-267-7408.
Is there anything else I need to know at this time?
The letter you have received and the information on the web page give you all the information on what the company is doing to respond to this incident and what you can do to help proactively protect your Ameriprise accounts. There is no further action required on your part. We apologize for any inconvenience this situation may cause you. We want to assure you that we take our responsibility to safeguard your personal information very seriously and are committed to protecting that information now and in the future.