Wealthsimple reveals data breach – users of financial firm warned to be on alert

One of Canada’s most popular fintech platforms has confirmed suffering a cyberattack which caused it to lose sensitive data on a small portion of its customers.

An announcement posted on Wealthsimple’s website said unnamed hackers compromised a “specific software package that was written by a trusted third party.”

The attack was spotted rather quickly, the company said, and was stopped before it could escalate, but the attackers still managed to steal personal data belonging to “less than 1%” of its clients.

Since Wealthsimple has more than three million customers, that would put the number of affected individuals to no more than 30,000, all of whom may have lost personal information such as contact details, government IDs provided during the sign-up process, financial details and account numbers, IP addresses, Social Insurance Numbers, and dates of birth.

Passwords, or funds, were not accessed, and “all accounts remain fully secure,” Wealthsimple stressed.

The investment giant said it already notified all affected people via email, and offered two years of free credit and dark web monitoring, as well as identity theft protection and insurance. Law enforcement and relevant government bodies were notified, as well.

At the same time, the company urged users to protect themselves, suggesting 2FA with an authenticator app, heightened awareness to phishing and social engineering, and using unique, strong passwords across accounts.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Wealthsimple was founded in 2014 and currently holds around $60 million in assets under management (AUM). It offers numerous financial products, including an automated investing platform, commission-free stock and ETF trading apps, and a platform to trade cryptocurrencies.

Via BleepingComputer

Source link