SoFi Data Breach Exposes PII of 38,049 Washington Residents
On December 29, 2025, SoFi Technologies, a San Francisco-based fintech company, suffered a data breach affecting 38,049 residents of Washington state. The incident stemmed from a social engineering attack that granted an unauthorized individual access to internal systems between December 29, 2025, and January 3, 2026. The breach was detected on January 2, 2026, prompting SoFi to launch its incident response protocols.
The exposed data included personally identifiable information (PII) such as names, dates of birth, addresses, email addresses, phone numbers, and employment and education details. SoFi confirmed that sensitive financial data including account passwords, debit or credit card numbers, and account numbers remained unaffected.
The breach was disclosed to the Washington Attorney General on January 26, 2026, with affected individuals notified via written mail. SoFi engaged cybersecurity firm CrowdStrike and other external advisors to investigate the incident and assess the scope of exposure. The company has since implemented additional monitoring and security measures, including enhanced verification steps for account access and customer support interactions.
Affected individuals were advised to review account statements, monitor credit reports, and remain cautious of potential fraud or phishing attempts. SoFi established a dedicated support line (844-820-7634) for impacted members seeking assistance.
Source: https://www.claimdepot.com/data-breach/sofi-2026
SoFi cybersecurity rating report: https://www.rankiteo.com/company/sofi
"id": "SOF1770197601",
"linkid": "sofi",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '38,049',
'industry': 'Financial Services',
'location': 'San Francisco, USA',
'name': 'SoFi Technologies',
'type': 'Fintech Company'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Review account statements, monitor credit reports, '
'remain cautious of potential fraud or phishing '
'attempts. Dedicated support line: 844-820-7634.',
'data_breach': {'number_of_records_exposed': '38,049',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Addresses',
'Email addresses',
'Phone numbers',
'Employment details',
'Education details'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2026-01-02',
'date_publicly_disclosed': '2026-01-26',
'description': 'On December 29, 2025, SoFi Technologies, a San '
'Francisco-based fintech company, suffered a data breach '
'affecting 38,049 residents of Washington state. The incident '
'stemmed from a social engineering attack that granted an '
'unauthorized individual access to internal systems between '
'December 29, 2025, and January 3, 2026. The breach was '
'detected on January 2, 2026, prompting SoFi to launch its '
'incident response protocols. The exposed data included '
'personally identifiable information (PII) such as names, '
'dates of birth, addresses, email addresses, phone numbers, '
'and employment and education details. SoFi confirmed that '
'sensitive financial data including account passwords, debit '
'or credit card numbers, and account numbers remained '
'unaffected.',
'impact': {'data_compromised': 'Personally Identifiable Information (PII)',
'identity_theft_risk': 'High',
'payment_information_risk': 'None',
'systems_affected': 'Internal systems'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Enhanced verification steps '
'for account access and '
'customer support '
'interactions, additional '
'monitoring and security '
'measures',
'root_causes': 'Social engineering attack'},
'recommendations': 'Affected individuals were advised to review account '
'statements, monitor credit reports, and remain cautious '
'of potential fraud or phishing attempts.',
'references': [{'source': 'Washington Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington Attorney '
'General'},
'response': {'communication_strategy': 'Written mail to affected individuals, '
'dedicated support line (844-820-7634)',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Enhanced verification steps for account '
'access and customer support '
'interactions',
'third_party_assistance': 'CrowdStrike and other external '
'advisors'},
'title': 'SoFi Data Breach Exposes PII of 38,049 Washington Residents',
'type': 'Data Breach'}