Canadian fintech giant Wealthsimple announced today that it has suffered a data breach, resulting in the unauthorized access of personal information belonging to a small fraction of its client base. The company stressed that all funds and accounts remain secure and that no passwords were compromised in the incident.
In a statement released Friday, Wealthsimple confirmed that the security incident was first detected on August 30th. The breach was traced back to a compromised software package created by a trusted third-party vendor.
The company reported that its security team, with assistance from external experts, contained the issue within a few hours of detection.
Wealthsimple Data Breach
According to Wealthsimple, the breach impacted “less than 1% of our clients.” The exposed data includes sensitive personal information such as contact details, government-issued IDs provided during sign-up, financial account numbers, Social Insurance Numbers (SIN), dates of birth, and IP addresses. The firm reiterated that no client funds were accessed or stolen during the brief period of unauthorized access.
Wealthsimple has already notified all affected individuals via email. In its public notice, the company stated, “If you did not receive an email from us about this, your data was not impacted. All emails have been sent as of 10:30 AM EST on September 5th.”
As part of its response, the company is offering two years of complimentary credit and dark-web monitoring services, along with identity theft protection and insurance, to every client whose data was involved.
A dedicated support team has also been established to handle inquiries from those affected. Wealthsimple confirmed it has reported the incident to all applicable privacy and financial regulators.
“We take the trust you put in us very seriously,” the company’s statement read. “We apologize to those clients whose data was accessed – and to all our clients, because threats to personal data can cause a lot of anxiety.”
While Wealthsimple has already enhanced its internal security protections against similar threats, it is urging all users to adopt additional security measures.
The company strongly recommends enabling two-factor authentication (2FA) with an authenticator app, remaining vigilant for potential phishing scams impersonating the company, and using strong, unique passwords for all online accounts.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
