Wealthsimple reported a security breach on Saturday that exposed sensitive information of some clients, such as social insurance numbers, financial details like account numbers, government IDs provided during sign-up, and IP addresses. Despite this, the investment management platform assured that no funds were stolen, and all accounts remain secure.
The company acted swiftly to contain the issue, launching a thorough investigation with the assistance of external security experts. According to a statement from Wealthsimple, the breach was caused by a compromise in third-party software, granting unauthorized access to customer data. However, the company did not disclose the name of the software provider in their response to CBC News.
Wealthsimple confirmed that fewer than one percent of its approximately three million clients were impacted by the breach. Affected individuals have been notified via email, and the company assured that those who did not receive an email by the following morning were not affected.
Expressing regret for the breach and acknowledging the anxiety it may cause, Wealthsimple apologized to the affected clients and all customers. As a response to the incident, the company has bolstered its security measures to prevent similar occurrences. Additionally, Wealthsimple is providing affected clients with two years of complimentary credit and dark-web monitoring, along with insurance and identity theft protection services.
