SoFi Securities and SoFi Hong Kong: SoFi confirms third-party data breach at Hong Kong subsidiary

SoFi Hong Kong Reports Data Breach via Third-Party Vendor

SoFi Hong Kong, a subsidiary of U.S.-based financial technology company SoFi, has disclosed a data breach after hackers accessed a customer database through a third-party vendor. The incident was detected on April 30, 2026, when unauthorized access to a database belonging to SoFi Securities (Hong Kong) Limited was identified.

SoFi engaged a third-party cybersecurity firm to investigate the breach, though the full scope and impact remain unclear. In emails sent to affected customers, the company stated it has not yet determined which specific data may have been exposed. A SoFi spokesperson confirmed the breach to BleepingComputer but declined to provide further details, including the number of impacted customers, whether extortion was involved, or the identity of the compromised vendor.

While the exact data at risk has not been disclosed, SoFi advised customers to watch for phishing attempts, suspicious communications, and unusual account activity. The company has implemented additional safeguards, including enhanced monitoring of affected accounts and potential verification requirements for support interactions or account changes.

Customers seeking assistance were directed to a Hong Kong support line (+852 26938888) and email (hello@sofi.hk). The investigation remains ongoing.

Source: https://www.bleepingcomputer.com/news/security/sofi-confirms-third-party-data-breach-at-hong-kong-subsidiary/

SoFi Hong Kong cybersecurity rating report: https://www.rankiteo.com/company/sofihongkong

"id": "SOF1780957667",
"linkid": "sofihongkong",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Fintech',
                        'location': 'Hong Kong',
                        'name': 'SoFi Securities (Hong Kong) Limited',
                        'type': 'Financial Services'}],
 'attack_vector': 'Third-Party Vendor Compromise',
 'customer_advisories': 'Customers advised to monitor accounts and contact '
                        'support for assistance.',
 'data_breach': {'personally_identifiable_information': True},
 'date_detected': '2026-04-30',
 'description': 'SoFi Hong Kong, a subsidiary of U.S.-based financial '
                'technology company SoFi, has disclosed a data breach after '
                'hackers accessed a customer database through a third-party '
                'vendor. The incident was detected on April 30, 2026, when '
                'unauthorized access to a database belonging to SoFi '
                'Securities (Hong Kong) Limited was identified.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'systems_affected': ['Customer database']},
 'investigation_status': 'Ongoing',
 'recommendations': 'Customers advised to watch for phishing attempts, '
                    'suspicious communications, and unusual account activity.',
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Customer advisories via email',
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'third_party_assistance': 'Cybersecurity firm'},
 'title': 'SoFi Hong Kong Reports Data Breach via Third-Party Vendor',
 'type': 'Data Breach'}