Canadians who use Wealthsimple could be a part of a new proposed class-action lawsuit filed against the company.
Last week, law firm Slater Vecchio LLP filed a class action against the online investment management service, alleging that a recent data breach “exposed highly sensitive personal and financial information of some of Wealthsimple’s Canadian customers.”
“Canadians entrust their most private financial details to institutions like Wealthsimple with the expectation that those details will be protected with the highest level of security,” stated Anthony Vecchio, partner at Slater Vecchio LLP.
FellowNeko/Shutterstock
The lawsuit refers to a cyberattack that Wealthsimple detected on Aug. 30 and notified clients about on Sept. 5. The issue was contained within a few hours, and the company learned that a specific software package written by a trusted third party had been compromised.
According to a notice shared on the company’s site on Sept. 5, the security incident resulted in personal data belonging to less than one per cent of its clients being accessed without authorization for a brief period. The financial service has over three million Canadian clients.
A Wealthsimple spokesperson told Daily Hive in September that they notified clients a week after the incident occurred because they had to contain it, complete an investigation, and meet regulatory requirements.
Personal data that was compromised in the cyberattack includes contact details, government IDs provided during the sign-up process, financial details (account numbers), IP addresses, Social Insurance Numbers, and dates of birth. No passwords or funds were accessed or stolen.
In an email statement to Daily Hive, a Wealthsimple spokesperson said that the company “strongly” believes the claims in the lawsuit are “without merit” and pledges to defend itself “vigorously.”
“Immediately upon discovering the data security incident, we acted quickly to stop it. We notified all impacted customers and offered complimentary credit and dark web monitoring as well as identity theft protection and insurance,” reads the statement. “We take the privacy of our clients very seriously and remain focused on supporting them.”
The proposed class action represents all Canadians whose information was compromised in the breach, with a subclass for clients who experienced direct impacts such as financial losses, identity theft, or fraud, tied to the cyberattack.
“When that trust is broken, individuals are left vulnerable to fraud and identity theft,” added Vecchio. “This action is about protecting Canadians and ensuring that financial institutions treat data security as the serious obligation it is.”
If you were affected by the data breach, you can submit your name, contact details, and indicate whether you received a breach notification from Wealthsimple on the class action website.
