Wealthsimple hackers gained access to customer account numbers, government IDs, and more

Online investment management firm Wealthsimple admits that customer data, including financial account numbers and government IDs, has been accessed by cybercriminals during a recent third-party breach.
September 9th, 2025, 7:26 p.m. ET: Article was updated to reflect confirmation from Wealthsimple that the breach was unrelated to the recent Salesforce attack campaign.
The Canada-based fintech company posted an “Important Security Update” on its website for individual and business clients, first disclosing the August 30th breach on Friday.
“On August 30th, Wealthsimple detected a data security incident,” the company said, adding that IT teams “acted quickly, and in a few hours the issue was contained.”
“All accounts remain secure, and no funds were accessed or stolen,” Wealthsimple said in the notice, noting that “no passwords were compromised.”
However, Wealthsimple, which serves more than three million online customers out of its Toronto headquarters, also revealed that the unnamed hackers did gain unauthorized access to a trove of client personal and financial information.
The millennial and crypto-friendly wealth services company says the compromised client data includes, but is not limited to:
- Personal contact details (name, address, email, etc.)
- Government IDs
- Account numbers
- IP address
- Social Insurance Number (SIN)
- Date of birth
Less than 1% of Wealthsimple clients' personal data was “accessed without authorization for a brief period,” it said, equal to roughly 30,000 clients.
Steve Cobb, Chief Information Security Officer at SecurityScorecard, points out that "while the incident was contained quickly and no passwords or funds were compromised, the exposed data still represents a significant risk."
“Even at 1% of Wealthsimple’s customer base, the breach still includes tens of thousands of users whose information can now be weaponized for identity theft and fraud via social engineering,” Cobb said.
As of 10:30 a.m. EST on September 5th, any customer affected by the breach is said to have already been contacted.
“If you did not receive an email from us about this, your data was not impacted,” Wealthsimple reiterated.
Salesforce connection?
Wealthsimple said a preliminary investigation found the hackers were able to compromise the network via a “specific software package that was written by a trusted third party.”
Cobb stressed that the fintech’s breach “reinforces the need for organizations handling sensitive data to treat every third-party integration as part of the security perimeter.”
This includes “continuous auditing, embedded breach detection, and strict access controls across all data flows,” the CISO explained. “As attackers increasingly exploit indirect pathways, resilience depends on securing not just the core platform, but every service that touches sensitive user data,” he said.
Wealthsimple is listed as a customer of Salesforce, which has been the source of a recent and massive hacking campaign impacting over 700 companies worldwide.
A representative for Wealthsimple confirmed to Cybernews in an email that the security incident was "completely unrelated to software giant Salesforce." The Canadian tech and startup news outlet 'betakit' further elaborated that Wealthsimple “would not name the identity of the third-party vendor.”
Called the fastest growing online investment manager by Salesforce, Wealthsimple primarily targets individuals and business owners under the age of 45, a clientele atypical of traditional investment services firms.
In fact, Wealthsimple’s founder and CEO, Michael Katchen, is quoted on the cloud-based Customer Relationship Management (CRM) firm's website as one of its Salesforce customer success stories.
“Millennials are missing out on opportunities to secure their financial future. A lot of young people are mistrustful of big banks and put off by the paperwork,” Katchen states.
A subsidiary of The Power Corporation of Canada, Wealthsimple apologized to clients whose data was accessed, acknowledging that “threats to personal data can cause a lot of anxiety.”
The financial company said it is providing a dedicated support team, as well as complimentary credit monitoring, identity theft protection, and insurance for everyone impacted.
Cybernews has covered multiple instances of suspected Salesforce breaches, including most recently Jaguar Land Rover, Palo Alto Networks, Cloudflare, and Zscaler.
Other major Salesforce victims in recent months have included Workday, ChangeNow, Allianz Life, TransUnion, Farmers Insurance, Air France, KLM, Coca-Cola, Cisco, Qantas, Adidas, and luxury goods makers Chanel and Louis Vuitton’s LVMH.
A new collaboration between three cybercrime gangs – including M&S hackers Scattered Spider, Shiny Hunters, and LAPSUS$ – has claimed responsibility for the attacks, while taunting its victims and the FBI.