- WealthSimple had a data violation through third -party software
- Sub 1% of users lost personal information, not passwords or funds
- The affected users obtained alerts, protection and security advice
One of the most popular Fintech platforms in Canada has confirmed the suffering of a cyber attack that caused confidential data about a small portion of its customers.
An advertisement published on the WealthSimple website said the unidentified computer pirates compromised a “specific software package that was written by a third party of confidence.”
The attack was seen quite fast, the company said, and stopped before it could increase, but the attackers still managed to steal personal data that belonged to “less than 1%” of its customers.
Free identity theft monitoring
Since WealthSimple has more than three million customers, that put the number of people affected by no more than 30,000, all of whom may have lost personal information, such as contact data, government identifications provided during the registration process, financial details and accounts numbers, IP addresses, social security numbers and birth dates.
Passwords, or funds were not accessed, and “all accounts remain completely safe,” WealthSimple emphasized.
The investment giant said he already notified all people affected by email, and offered two years of free credit and dark web monitoring, as well as protection of identity and insurance. The application of the law and relevant government agencies were also notified.
At the same time, the company urged users to protect, suggesting 2FA with an authenticator application, a greater awareness about phishing and social engineering, and the use of unique and safe passwords in all accounts.
WealthSimple was founded in 2014 and currently has around $ 60 million in assets under administration (AUM). It offers numerous financial products, including an automated investment platform, trade and ETF actions trade without commissions, and a platform to exchange cryptocurrencies.
Through Bleepingcomputer
