P2021-ND-204

Wealthsimple Financial Corp.

On October 13, 2020, the Organization became aware of a credential stuffing incident involving suspicious attempts to access data from certain user accounts. The unauthorized third party was able to log into client accounts between October 9, 2020, and October 13, 2020, using a valid email address and password. The Organization?s investigation discovered that passwords were not obtained from its systems. The Organization believes that an unauthorized individual may have obtained client passwords from another site or app where clients used the same password as the one for their Organization account.

File Type: pdf
Categories: 2021
Tags: Unauthorized access