Wealthsimple, a Canadian online investment management service with over CAD$84.5 billion in assets and 3 million users, suffered a data breach on August 30th. Attackers exploited a compromised third-party software package to unauthorizedly access personal data of less than 1% of its clients. The stolen information included contact details, government IDs (e.g., Social Insurance Numbers), financial account numbers, IP addresses, and dates of birth. While no funds or passwords were stolen, the breach exposed sensitive customer data, prompting Wealthsimple to offer two years of free credit monitoring, dark-web monitoring, identity theft protection, and insurance to affected users. The company advised enabling 2FA, avoiding password reuse, and staying alert for phishing attempts. Though initially linked to the ShinyHunters extortion group’s Salesforce breaches, Wealthsimple later clarified the incident was unrelated to Salesforce. The breach highlights risks from third-party vulnerabilities in financial services.
TPRM report: https://www.rankiteo.com/company/wealthsimple
"id": "wea3363933090625",
"linkid": "wealthsimple",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Less than 1% of clients (exact '
'number undisclosed)',
'industry': 'Online Investment Management',
'location': 'Toronto, Canada',
'name': 'Wealthsimple',
'size': 'Over 3 million customers; CAD$84.5 billion '
'(~$61 billion) in assets under management',
'type': 'Financial Services'}],
'attack_vector': 'Compromised third-party software package',
'customer_advisories': ['Secure accounts with 2FA',
'Monitor for phishing attempts',
'Use provided credit/dark-web monitoring services'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Less than 1% of 3 million '
'customers (exact number '
'undisclosed)',
'personally_identifiable_information': 'Yes (SINs, dates of '
'birth, contact '
'details, government '
'IDs)',
'sensitivity_of_data': 'High (includes SINs and government '
'IDs)',
'type_of_data_compromised': ['Personal information (contact '
'details)',
'Government-issued IDs',
'Financial account details',
'IP addresses',
'Social Insurance Numbers (SIN)',
'Dates of birth']},
'date_detected': '2024-08-30',
'date_publicly_disclosed': '2024-09-05',
'description': 'Wealthsimple, a Canadian online investment management '
'service, disclosed a data breach where attackers stole '
'personal data of an undisclosed number of customers. The '
'breach was detected on August 30th and involved a compromised '
'third-party software package. Personal data accessed included '
'contact details, government IDs, financial details (e.g., '
'account numbers), IP addresses, Social Insurance Numbers, and '
'dates of birth. No funds were stolen, and passwords remained '
'secure. Affected customers were offered two years of '
'complimentary credit monitoring, dark-web monitoring, '
'identity theft protection, and insurance. The company '
'clarified the incident was unrelated to the Salesforce data '
'theft campaign linked to the ShinyHunters extortion group.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive customer data',
'data_compromised': ['Contact details',
'Government IDs',
'Financial details (e.g., account numbers)',
'IP addresses',
'Social Insurance Numbers (SIN)',
'Dates of birth'],
'financial_loss': 'None (no funds stolen)',
'identity_theft_risk': 'High (SINs, government IDs, and personal '
'details exposed)',
'payment_information_risk': 'Low (no payment info explicitly '
'mentioned as compromised)'},
'initial_access_broker': {'entry_point': 'Compromised third-party software '
'package'},
'investigation_status': 'Ongoing (company clarified incident unrelated to '
'Salesforce breaches)',
'post_incident_analysis': {'root_causes': 'Compromised third-party software '
'package (details undisclosed)'},
'recommendations': ['Enable two-factor authentication (2FA) with an '
'authenticator app',
'Avoid password reuse',
'Remain vigilant against phishing attempts impersonating '
'Wealthsimple'],
'references': [{'date_accessed': '2024-09-05', 'source': 'BleepingComputer'},
{'date_accessed': '2024-09-05',
'source': 'Wealthsimple Official Statement'}],
'response': {'communication_strategy': ['Official statement and breach '
'notifications emailed to customers',
'Media outreach (e.g., '
'BleepingComputer)'],
'incident_response_plan_activated': 'Yes (breach detected and '
'customers notified)',
'remediation_measures': ['Notified impacted customers via email',
'Offered two years of complimentary '
'credit monitoring',
'Provided dark-web monitoring, identity '
'theft protection, and insurance']},
'stakeholder_advisories': 'Customers notified via email; media statements '
'issued',
'title': 'Wealthsimple Data Breach',
'type': 'Data Breach'}