Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Canadian investment platform Wealthsimple disclosed a data breach

Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package. Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package. “On August 30th, […]

University of Pennsylvania

Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package.

Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package.

“On August 30th, Wealthsimple detected a data security incident. All accounts remain secure, and no funds were accessed or stolen.” reads the security update published by the company. “We acted quickly and in a few hours the issue was contained. Our security team, with the help of external experts, immediately began a thorough investigation. We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than 1% of our clients being accessed without authorization for a brief period.”

Wealthsimple quickly mitigated the attack and locked out the intruders. The root cause of the incident appears a software package developed by an unnamed third-party services provider. Wealthsimple says less than 1% of its customers’ personal data was compromised in the breach. The accessed data includes personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth.

The fintech firm highlighted that the intrusion was contained within hours and no funds were accessed or stolen. The attackers did not compromise passwords and all the accounts remain fully secure.

Wealthsimple notified affected clients by email and offered two years of free credit monitoring, darkweb monitoring, ID theft protection, and insurance. A dedicated support team is available, regulators were informed, and enhanced security measures are in place. Non-notified clients were not impacted.

Wealthsimple, founded in 2014 in Toronto, is Canada’s leading fintech with over C$84B in assets and 3M clients. It offers robo-advisory portfolios, commission-free stock/ETF trading, crypto, tax filing, and savings accounts. Backed by Power Corp, it’s praised for ease of use and low fees, though it lacks broader global investment options.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)