Canadian Financial services firm Wealthsimple discloses customer data breach

Canadian financial services company Wealthsimple said Friday that the personal data of a small percentage of its customers was compromised after malicious actors compromised a third-party provided software product.

The financial services institution, which has over $70 billion in assets under administration and more than three million customers, said in a press release that all customer accounts remain secure and no funds were accessed or stolen as a result of the security incident.

Wealthsimple said it detected the security incident on August 30th and its security team acted quickly to sever unauthorised access to customer information within a few hours.

"We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than 1% of our clients being accessed without authorisation for a brief period," the company announced.

As per the press release, malicious actors who compromised the third-party software solution were able to access personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth. 

Wealthsimple assured affected customers that the data security incident did not compromise their account passwords or funds stored in their savings accounts. The company added that it uses two-factor authentication to ensure that malicious third parties cannot gain access to customer accounts using stolen passwords or account details.