A Wealthsimple program is shown on a cellphone in this handout photo. (Wealthsimple/The Canadian Press)
Wealthsimple has confirmed a cyber breach that exposed sensitive personal details of some clients. The security incident, reported Saturday, was linked to a third-party software vulnerability.
The data accessed included social insurance numbers, government IDs, account numbers, and IP addresses. The company stressed that no money was stolen and all accounts remain secure.
Swift Action Contained the Threat
Wealthsimple said the breach was contained within hours.
“Our security team, with outside experts, acted immediately and stopped the attack within a few hours,” the company stated.
The platform emphasized that its internal systems were not compromised. Instead, a flaw in third-party software opened the door to the data exposure. The provider’s name was not disclosed.
Less Than One Percent Impacted
Wealthsimple serves around three million clients across Canada. The company confirmed fewer than one per cent were affected.
Clients whose information was accessed were notified by email. Wealthsimple said anyone who did not receive an email was not impacted.
“We apologize deeply to clients whose data was exposed — and to all our users,” the statement said. “We know incidents like this create stress and concern.”
Extra Protection for Affected Clients
To ease concerns, Wealthsimple is offering affected clients two years of free protection services. This includes credit monitoring, dark-web surveillance, identity theft insurance, and support to address potential misuse of data.
The company added it has strengthened its security systems to block similar attacks in the future.
The Growing Concerns Around Digital Security
The breach underscores the growing risks facing financial technology platforms. With personal and financial information stored online, cyber threats remain a top worry for users.
Wealthsimple reassured clients that their funds remain untouched. Experts note that while limited in scale, breaches involving social insurance numbers and IDs carry long-term risks.
So far, no fraudulent activity linked to the breach has been reported.
Rebuilding Transparency and Trust
Wealthsimple pledged transparency as the investigation continues. The company promised to share updates if new findings emerge.
By moving quickly, limiting exposure, and offering protection to affected users, the platform is aiming to rebuild trust.
Clients are urged to remain vigilant, check account activity, and take advantage of the free monitoring services.
The incident is a reminder of how vital strong digital safeguards are as more Canadians manage their money online.
