Wealthsimple has confirmed a data breach that exposed sensitive customer details, including contact information, government-issued IDs, account numbers, IP addresses, Social Insurance Numbers, and dates of birth. The incident impacted fewer than one percent of the company’s three million clients.

The fintech firm emphasized that no passwords or funds were compromised and that all customer accounts remain secure. The breach, detected on August 30, was traced back to a compromised software package developed by a trusted third-party provider. Wealthsimple engaged external cybersecurity experts to investigate the issue.

All affected customers have been notified and offered two years of free credit monitoring and protection. In a notice to clients, Wealthsimple stressed its commitment to transparency and customer trust, stating: “We take the trust you put in us very seriously. That’s why we acted quickly to inform clients, share details, and provide support. Most importantly, we apologise to those impacted, and to all our clients, as we recognize the stress that threats to personal data can cause.”