If you have an account with Wealthsimple, make sure to check your email. You may have been impacted by a cyberattack.
In an email sent to affected clients on Friday at 10:30 a.m. EDT, the online investment management service said that it had detected a data security incident on Aug. 30.
“We then acted quickly, and in a few hours, the issue was contained,” reads the email, which was shared by some clients on Reddit. “We learned that a specific software package that was written by a trusted third party had been compromised.”
Wealthsimple shared more details about the data breach on its website.
FellowNeko/Shutterstock
According to the company, the security incident resulted in personal data belonging to less than one per cent of its clients being accessed without authorization for a brief period. The financial service has over three million Canadian clients.
A Wealthsimple spokesperson told Daily Hive that they notified clients a week after the incident occurred because they had to contain it, complete an investigation and meet regulatory requirements.
If you didn’t receive an email from the company on Sept. 5, your data was not affected.
The following personal data was impacted by the cyberattack:
Contact details
Government IDs provided during the sign-up process
Financial details, such as account numbers
IP address
Social Insurance Numbers
Date of birth
The following information was not affected:
Passwords
No funds were accessed or stolen
In the aftermath of the breach, the company is providing clients who were impacted with two years of free credit and dark-web monitoring, as well as identity theft protection and insurance.
It also has a dedicated support team for impacted customers, and it has informed all applicable privacy and financial regulators.
“If you’re worried about the security of your data, rest assured that Wealthsimple has already enhanced protections against any similar threats,” reads the notice.
Wealthsimple also shared other measures clients can take to protect themselves from future cyberattacks, including:
Using 2FA with an authenticator app
Be alert to phishing (the company said it will never ask for passwords or authentication codes, or ask you to move money
Never reuse passwords
Clients with additional questions can contact the company’s support team.
This isn’t the only cyberattack to occur in recent weeks. Last month, WestJet reported a data breach that impacted customers’ passport information.