Wealthsimple disclosed that a security incident over the weekend exposed sensitive information of certain clients, such as social insurance numbers, financial data like account numbers, government IDs provided during registration, and IP addresses. However, the investment management service assured that no funds were taken, and all accounts remain secure.
The company promptly responded to the breach, containing the issue within a few hours. Wealthsimple’s security team, in collaboration with external experts, initiated a comprehensive investigation. The breach was attributed to a compromise in third-party software that allowed unauthorized access to customer data. The company did not disclose the specific software provider in its communication with CBC News.
Wealthsimple indicated that less than one percent of its approximately three million clients were impacted by the breach. Affected individuals have been notified via email, with the assurance that those not receiving an email by the morning following the incident were unaffected.
Acknowledging the distress caused by the data breach, Wealthsimple expressed regret to the affected clients and the entire customer base for the potential anxiety arising from the breach. The company has bolstered its security measures to mitigate similar risks and is providing affected clients with two years of complimentary credit monitoring, dark-web monitoring, insurance, and identity theft protection services.