CHICAGO – Ameriprise Financial Inc. (AMP) said Wednesday it has notified about 226,000 people that their names and other personal data were stored on a laptop computer that was stolen from an employee's vehicle.
Ameriprise said it has alerted 68,000 current and former financial advisers whose names and Social Security numbers were also stored on the same computer. About 158,000 clients had only their names and internal account numbers exposed. The company says it has more than 2 million customers and about 10,500 current financial advisers.
Minneapolis-based Ameriprise said it had received no reports that the data lost in the theft had been used improperly. Ameriprise is the name of the former American Express Financial Advisors division, which New York-based American Express Co. spun off last fall.
Ameriprise said the theft appeared to be a "random criminal act" and that it has been working with law enforcement to recover the laptop, which it said was stolen recently from an employee's locked vehicle that was parked offsite.
Company spokesman Steve Connolly said the laptop was stolen in late December outside Minnesota, but he declined to say where.
"We don't want to pinpoint the location because we don't want to compromise the ongoing investigation," Connolly said.
Ameriprise said there was no other client-identifying information on the computer such as Social security numbers, addresses, phone numbers or birth dates. The computer did not have data on accounts outside of Ameriprise, such as credit card numbers or bank account information.
It also said the client accounts could not be accessed with the information that was stored on the computer because Ameriprise does not allow access via account numbers alone without additional personal information provided only by the client.
Ameriprise is offering the affected current and former employees a free credit monitoring program for a year.
The federal government does not require companies to notify consumers when their private information has been compromised and could be used by identity thieves. Some states, including California do, and when large companies doing business in them comply with their laws, consumers around the country learn about the breaches.
Last summer, 40 million consumer accounts, primarily MasterCard and Visa accounts, were exposed to possible fraud due to a breach at Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants. Other companies that have faced recent problems with data theft or losses include Citigroup Inc., ChoicePoint Inc., LexisNexis Inc., Bank of America Corp., DSW Shoe Warehouse and BJ's Wholesale Club Inc.
According to the Federal Trade Commission, nearly 10 million people fall victim to identity theft each year, costing consumers $5 billion in losses and businesses nearly $50 billion.