Wealthsimple, one of Canada’s leading financial technology platforms, confirmed a data breach affecting a small fraction of its users. The attack, which targeted a “specific software package” developed by a trusted third party, compromised sensitive personal information for less than 1% of the company’s client base.
In a statement posted on its website, Wealthsimple noted that while the breach was identified and contained promptly, the attackers managed to steal data belonging to around 30,000 customers. The company has reassured clients that passwords and funds remain secure, and that “all accounts are fully secure.”
Details of the Breach
Wealthsimple has over 3 million customers, which means that the data of approximately 30,000 individuals was exposed. The compromised information includes personal details such as contact information, government-issued IDs submitted during the sign-up process, financial data, account numbers, IP addresses, Social Insurance Numbers, and dates of birth.
The company has taken immediate action by notifying affected users via email. Each individual is offered two years of free credit monitoring, dark web monitoring, identity theft protection, and insurance. Additionally, law enforcement and relevant government agencies have been informed of the incident.
Protective Measures for Users
In light of this breach, Wealthsimple has urged all customers to enhance their online security. The firm recommends enabling two-factor authentication (2FA) using an authenticator app, increasing vigilance against phishing attempts and social engineering tactics, and using unique, strong passwords across different accounts.
Founded in 2014, Wealthsimple manages approximately $60 billion in assets and provides various financial services, including automated investment platforms and commission-free trading applications. The breach serves as a reminder of the ongoing cybersecurity challenges faced by fintech companies and the need for vigilant data protection practices.
As the situation develops, Wealthsimple continues to prioritize the security of its customers while reinforcing its commitment to transparency and accountability in handling sensitive information.
