The personal information of some Wealthsimple customers was accessed without authorization following an Aug. 30 security breach, the FinTech company revealed today.
Wealthsimple told BetaKit the incident affected “significantly fewer” than one percent of its 3 million customers, which would amount to fewer than 30,000 clients. All impacted accounts have been notified by email.
“All accounts remain secure, and no funds were accessed or stolen. We acted quickly and in a few hours the issue was contained,” the company said in a statement.
The personal information accessed included contact details, government IDs, financial account numbers, IP addresses, social insurance numbers, and dates of birth. No passwords were compromised, Wealthsimple said.
The Toronto-based FinTech firm said its team immediately started an investigation and found that the breach was related to a compromised software package from a third-party provider.
The company wouldn’t name the identity of the third-party vendor, but confirmed the incident was unrelated to software giant Salesforce. The United States (US)-based provider has been hit by several data theft attacks linked to the extortion group ShinyHunters.
Cybersecurity breaches have been on the rise in Canada in recent years, particularly through phishing and ransomware attacks. Forty-four percent of IT and cybersecurity professionals reported experiencing a cybersecurity attack in 2024, according to the Canadian Internet Registration Authority. Malware, or malicious software, made up half of these reported incidents.
RELATED: Wealthsimple acquires Fey to bolster its investment research capabilities
In a statement posted to its website, Wealthsimple apologized for the incident and said it was offering affected customers two years of free credit and dark-web monitoring, identity theft protection, and insurance. The company also said it has informed the relevant government regulators.
“If you’re worried about the security of your data, rest assured that Wealthsimple has already enhanced protections against any similar threats,” the company said.
Founded in 2014, Wealthsimple offers investing, cryptocurrency, tax filing, spending, and saving products, and is one of Canada’s most valuable private tech companies. Last week, the company announced it had acquired Montréal investment research platform Fey to boost its offerings.
Wealthsimple is majority-owned by Power Corporation of Canada and relies on partnerships with banks to offer services and hold and guarantee its deposits. The FinTech firm has amassed more than three million clients after achieving profitability in 2023.
Wealthsimple ended its second quarter this year with $84 billion CAD in total assets under administration, a nearly 94-percent jump compared to the same period last year.
In its statement, Wealthsimple encouraged customers to protect their data with two-factor account authentication, stay alert to phishing attempts, and never reuse passwords.
Disclosure: Wealthsimple vice-president of payments strategy and chief compliance officer, Hanna Zaidi, sits on BetaKit’s board of directors.
Feature image courtesy Wealthsimple