Wealthsimple reveals data breach - users of financial firm warned to be on alert

News
By published

Financial giant suffers third-party attack

A hacker typing on a MacBook laptop with code on the screen.
(Image credit: Sora Shimazaki / Pexels)
  • Wealthsimple had a data breach via third-party software
  • Under 1% of users lost personal info, not passwords or funds
  • Affected users got alerts, protection, and security tips

One of Canada’s most popular fintech platforms has confirmed suffering a cyberattack which caused it to lose sensitive data on a small portion of its customers.

An announcement posted on Wealthsimple’s website said unnamed hackers compromised a “specific software package that was written by a trusted third party.”

The attack was spotted rather quickly, the company said, and was stopped before it could escalate, but the attackers still managed to steal personal data belonging to “less than 1%” of its clients.

Free identity theft monitoring

Since Wealthsimple has more than three million customers, that would put the number of affected individuals to no more than 30,000, all of whom may have lost personal information such as contact details, government IDs provided during the sign-up process, financial details and account numbers, IP addresses, Social Insurance Numbers, and dates of birth.

Passwords, or funds, were not accessed, and “all accounts remain fully secure,” Wealthsimple stressed.

The investment giant said it already notified all affected people via email, and offered two years of free credit and dark web monitoring, as well as identity theft protection and insurance. Law enforcement and relevant government bodies were notified, as well.

At the same time, the company urged users to protect themselves, suggesting 2FA with an authenticator app, heightened awareness to phishing and social engineering, and using unique, strong passwords across accounts.

Wealthsimple was founded in 2014 and currently holds around $60 million in assets under management (AUM). It offers numerous financial products, including an automated investing platform, commission-free stock and ETF trading apps, and a platform to trade cryptocurrencies.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.