Wealthsimple client data, including SINs, accessed in security breach

Wealthsimple says a security breach on Saturday leaked sensitive data of some of its clients, including social insurance numbers, financial details including account numbers, government IDs provided during the signup process and IP addresses.

However, the investment management platform says no funds were stolen and that all accounts remain secure.

"We acted quickly and in a few hours the issue was contained. Our security team, with the help of external experts, immediately began a thorough investigation," the company said in a statement.

Wealthsimple says third-party software was compromised, which allowed customer data to be accessed. In an email to CBC News, a spokesperson did not say which company provided the software.

WATCH | Five years after the Desjardins breach:

Financial institutions have added more safeguards over the years. While experts say your information will always be at risk, there are steps you can take to protect yourself.

The company said "significantly less" than one per cent of its roughly three million clients were affected.

Wealthsimple says it has emailed those affected by the breach, and that anyone who hadn't received an email by this morning was not impacted.

"We apologize to those clients whose data was accessed — and to all our clients, because threats to personal data can cause a lot of anxiety," the statement said.

The company says it has since enhanced its security to prevent similar threats.

Wealthsimple is offering affected clients two years of free credit and dark-web monitoring, plus insurance and identity theft protection.