Toronto-based fintech Wealthsimple says a data breach on August 30 allowed unauthorized access to personal information from fewer than 1% of its clients.
The company confirmed on Friday that no funds were stolen, no accounts were accessed, and no passwords were compromised.
The breach was traced to a compromised software package from a third-party provider. Wealthsimple says the issue was contained within hours and regulators have been notified. Impacted clients were contacted directly by email, while those who did not receive a message were not affected.
“If you did not receive an email from us about this, your data was not impacted. All emails have been sent as of 10:30 AM EST on September 5th,” said Wealthsimple. So go check your inbox and spam folder. If you didn’t get an email then you weren’t affected.
Exposed data may have included names, contact details, government ID documents submitted during sign-up, account numbers, IP addresses, Social Insurance Numbers, and dates of birth.
Wealthsimple says it has strengthened protections and is offering two years of free credit monitoring, identity theft protection, and insurance to those impacted. The company has also set up a dedicated support team for affected clients.
For added security, Wealthsimple advises clients to enable two-factor authentication (2FA) using an authenticator app, which generates a time-based code unique to each device and helps prevent unauthorized logins.
The company also urges people to be cautious of phishing attempts, noting that it will never ask for passwords, authentication codes, or request that money be moved. In addition, clients are encouraged to use strong, unique passwords and avoid reusing the same login across multiple accounts to reduce the risk if another service is compromised.
Wealthsimple apologized to clients whose data was exposed, saying it understands the anxiety incidents like this can cause. The company told Bleeping Computer the security incident is not related to the ongoing Salesforce data breach.
There are over 3 million Canadians that use Wealthsimple, which manages over $70 billion in assets.
Another day, and another data breach. It’s never been more important than ever to use a password manager like 1Password and ensure you have unique passwords for every site, plus 2-factor with an authenticator app instead of text message or email, when possible.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
