Wealthsimple Data Breach – User Information Leaked Online

On Tue, Sep 5, 2025, Wealthsimple, a Canadian financial technology company, reported a data security incident. The breach involved unauthorized access to the personal information of less than one percent of its clients. The incident was first detected on Wed, Aug 30, 2025.
Incident Response and Investigation
Wealthsimple’s security team promptly contained the issue within hours of its detection. The breach was traced to a compromised software package from a trusted third-party vendor, which allowed unauthorized access to client data. External security experts were engaged to conduct a thorough investigation of the incident.
- Incident detected and contained within hours on Aug 30, 2025.
- External security experts involved in the investigation.
- No compromise of client accounts or passwords during the incident.
- No funds were accessed or stolen.
Data Compromised
The breach exposed several types of personal information stored in Wealthsimple’s systems, while other data remained protected:
- Accessed: Contact details, government IDs, account numbers, and IP addresses.
- Accessed: Social Insurance Numbers and dates of birth.
- Protected: All client passwords remained secure.
- Protected: No funds were accessed, transferred, or stolen.
Despite the breach, Wealthsimple confirmed that critical security elements, such as client passwords and funds, remained protected throughout the incident.
Client Notification and Future Measures
By 10:30 AM EST on Sep 5, 2025, Wealthsimple completed notifying affected clients via email. Clients who did not receive notifications can be assured that their data was not part of the breach.
The company has implemented enhanced security measures to prevent similar incidents in the future, reinforcing its commitment to robust cybersecurity practices and client trust.