Wealthsimple data breach exposes customer information

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Contact details, government IDs, financial information such as account numbers, IP addresses, Social Insurance Numbers, and dates of birth were all exposed in the breach, which affected less than one per cent of the firm’s three million customers.

No money was stolen or passwords lifted and all accounts remain secure, says Wealthsimple.

The fintech says it detected the incident on 30 August and brought in external experts to help investigate, discovering that a “specific software package that was written by a trusted third party had been compromised”.

Affected customers have been notified and offered two years of free credit monitoring and protection.

Says a notice to customers: “We take the trust you put in us very seriously. And intrinsic to that trust is being transparent. That’s why we notified our clients as soon as possible, shared as much information as we could, and let them know we’re dedicated to doing everything we can to support them.

“Most importantly, we apologise to those clients whose data was accessed – and to all our clients, because threats to personal data can cause a lot of anxiety.”