Ameriprise Advisor Services, Inc. (formerly H&R Block Financial Advisors) notified the Maryland Attorney General’s Office on December 24 of a breach involving a third-party vendor.
According to the notification (pdf), AASI uses a third-party vendor to provide clients with online access to their accounts (usernames and passwords). The unnamed vendor notified them on December 17 that there had been an intrusion into part of the online system that might have permitted access to client information such as name, address, account holdings, and balance. The nature of the intrusion was not described. Nor was there any indication as to how long the problem may have existed.
For clients who had enabled online fund transfers, the information might also have included their financial institution account and routing number. If clients access tax information online, their tax identification information may also have been exposed.
AASI reported that as of the date of the notification, it had no indication that any information had been viewed or accessed. The web site was taken down as soon as the problem was detected.
AASI offered those affected free credit monitoring services. The total number of clients affected was not indicated, but there 522 residents of Maryland being notified.