Canadian online investment company Wealthsimple on Friday disclosed a data breach impacting the personal information of some customers.
Wealthsimple said the incident, discovered on August 30, was the result of a supply chain attack involving a software package developed by a trusted third party that has not been named.
The company said the package had been compromised, but did not share any other technical details.
Personal information belonging to less than 1% of Wealthsimple customers was compromised as a result of the incident, the company said.
The exposed information includes contact data, government IDs provided during sign-up, IP addresses, Social Insurance Numbers, dates of birth, and financial data such as account numbers.
Wealthsimple highlighted that the intrusion was contained within hours and no funds were accessed or stolen. Passwords were not compromised and accounts “remain fully secure”, it said.
Impacted individuals are being notified and provided with free credit monitoring and identity theft protection services.
Wealthsimple offers online money management and investment solutions, including a managed and automated investing tool, a platform for buying and selling stocks and ETFs, and various other services. Wealthsimple’s assets under management exceed C$84 billion ($60 million).
Related: TransUnion Data Breach Impacts 4.4 Million
Related: More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach
Related: Healthcare Services Group Data Breach Impacts 624,000
