Wealthsimple, a leading financial services firm, reveals a data breach incident.
Wealthsimple, a prominent Canadian online investment management service, has recently disclosed a data breach affecting the personal data of an undisclosed number of customers. Founded in 2014 and headquartered in Toronto, the firm manages over CAD$84.5 billion in assets and offers a range of financial products covering investments, trading, cryptocurrency, tax filing, spending, and savings to more than 3 million Canadians. The company detected the breach on August 30th and stated that no funds were stolen, that passwords were not compromised, and that all customer accounts remain secure. Wealthsimple revealed that a specific software package from a trusted third party had been compromised, leading to unauthorised access to the personal information of less than 1% of its clients, including contact details, government IDs, financial details, Social Insurance Numbers, and dates of birth.
In response to the incident, Wealthsimple has notified affected customers via email and is providing two years of complimentary credit monitoring, dark-web monitoring, identity theft protection, and insurance. Customers are advised to enhance their account security by enabling two-factor authentication (2FA), avoiding password reuse, and staying vigilant against potential phishing attempts. While the company has not disclosed how the attackers accessed the personal information, the breach appears to be linked to a recent wave of Salesforce data breaches associated with the ShinyHunters extortion group. BleepingComputer has identified a Salesloft instance on a Wealthsimple subdomain that seems to be inactive, and ShinyHunters has confirmed that the Wealthsimple breach is part of the broader Salesloft supply-chain attack, which has previously targeted high-profile companies such as Google, Cisco, and LVMH subsidiaries.