If you did not receive an email from us about this, your data was not impacted. All emails have been sent as of 10:30 AM EST on September 5th.
On August 30th, Wealthsimple detected a data security incident. All accounts remain secure, and no funds were accessed or stolen. We acted quickly and in a few hours the issue was contained. Our security team, with the help of external experts, immediately began a thorough investigation. We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than 1% of our clients being accessed without authorization for a brief period.
We are taking every measure we can to make things right. No one has access to your accounts except for you.
If you did not receive an email from us about this, your data was not impacted. All emails have been sent as of 10:30 AM EST on September 5th.
We take the trust you put in us very seriously. And intrinsic to that trust is being transparent. That’s why we notified our clients as soon as possible, shared as much information as we could, and let them know we’re dedicated to doing everything we can to support them. Most importantly, we apologize to those clients whose data was accessed – and to all our clients, because threats to personal data can cause a lot of anxiety.
Here’s more information about what happened, and what we’ve done to protect your data and provide enhanced security for everyone impacted.
What was and was not accessed
- No passwords were compromised
- No funds were accessed or stolen
- All accounts remain fully secure
- Data that was accessed was personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth.
What we’re doing
- Client notification - If your data was involved, you got an email from us. If you didn’t, you weren’t impacted.
- Credit monitoring and protection - Every client who was impacted gets two years of free credit and dark-web monitoring, as well as identity theft protection and insurance.
- Dedicated support team - If you have questions or concerns, a dedicated Wealthsimple support team is ready to help. Clients who were impacted can find their contact information in the email we sent you.
- Government notification - Wealthsimple informed all applicable privacy and financial regulators.
If you’re worried about the security of your data, rest assured that Wealthsimple has already enhanced protections against any similar threats. For additional security, we always recommend the following actions.
Measures to protect yourself
- Use 2FA with an authenticator app - We’re one of a few financial companies in Canada to offer this level of security. An authenticator app creates a constantly changing security code that only you can access. It is one of the best ways to protect against unauthorized logins.
- Be alert to phishing - Scammers may try to impersonate Wealthsimple. We’ll never ask for your password or authentication codes, or ask you to move money. If you get a suspicious message or call, don’t engage. Contact our support team directly.
- Never reuse passwords - Using strong and unique passwords across all your accounts helps keep them safe.
Thank you, as always, for the trust you put in us. We take it very seriously.
If you have any questions, our support team is standing by. You can get in touch here.