Wealthsimple says some Canadian clients have had their personal data — including Social Insurance Numbers and other sensitive information — compromised in a “data security incident” on Aug. 30.
A statement by the popular personal finance and investing platform posted on Sept. 5 says it detected the incident on Aug. 30 and “all accounts remain secure, and no funds were accessed or stolen.”
“We acted quickly and in a few hours the issue was contained. Our security team, with the help of external experts, immediately began a thorough investigation,” Wealthsimple said in the statement.
“We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than one per cent of our clients being accessed without authorization for a brief period.”
Global News received confirmation from Wealthsimple that the company has “about 3 million clients.”
Wealthsimple says in its statement that it has sent out emails to affected users, and adds that if clients did not receive an email from them as of 10:30 a.m. Eastern regarding this specific incident, then their data was not compromised.
Get breaking National news
For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
“We take the trust you put in us very seriously. And intrinsic to that trust is being transparent. That’s why we notified our clients as soon as possible, shared as much information as we could, and let them know we’re dedicated to doing everything we can to support them,” the statement says.
“Most importantly, we apologize to those clients whose data was accessed — and to all our clients, because threats to personal data can cause a lot of anxiety.”
The company goes on in the statement to say that user passwords and client funds were not compromised, accessed or stolen, and all accounts remain fully secure.
However, Wealthsimple says the “incident” may have led to exposure of some clients’ “personal information.”
“Data that was accessed was personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth,” says Wealthsimple in the statement.
Impacted clients will receive additional credit monitoring and protection, the company says, and adds that it has informed privacy and financial regulators about the incident.
© 2025 Global News, a division of Corus Entertainment Inc.
