Financial services firm Wealthsimple discloses data breach
Update September 05, 13:21 EDT: Added a statement from Wealthsimple confirming that this attack wasn’t part of an ongoing Salesforce data theft campaign.
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident.
Founded in 2014 and headquartered in Toronto, the financial services firm holds over CAD$84.5 billion in assets (approximately $61 billion). It offers a wide range of financial products targeting investments, trading, cryptocurrency, tax filing, spending, and savings to over 3 million Canadians.
Wealthsimple’s Android app has over 1 million downloads on the Google Play Store, while its iOS app has collected over 126,000 ratings from Apple users.
As shared in an official statement and breach notifications emailed to customers (seen by BleepingComputer), the company detected the breach on August 30th.
Wealthsimple stated that the attackers did not steal any funds and did not compromise passwords, ensuring that all customer accounts remain secure.
“We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than 1% of our clients being accessed without authorization for a brief period,” Wealthsimple said.
“Data that was accessed was personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth.”
Since detecting the incident, the financial services company has notified impacted customers via email, and it is now providing them with two years of complimentary credit monitoring, as well as dark-web monitoring, identity theft protection, and insurance.
Affected customers are advised to secure their accounts using two-factor authentication (2FA) with an authenticator app, never reuse passwords, and remain vigilant against potential phishing attempts impersonating Whealthsimple.
While the company didn’t provide any information on how the attackers gained access to the customers’ personal information, the details shared in the statement and data breach notifications seemed to suggest that the company may have been one of the victims in a recent wave of Salesforce data breaches linked to the ShinyHunters extortion group.
When we reached out to Wealthsimple with questions about the incident and to confirm how the attackers stole its customers’ data, a spokesperson told BleepingComputer that the “incident is not related to Salesforce.”
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link