SoFi Hong Kong Data Breach

SoFi Hong Kong Data Breach

SoFi Hong Kong, a subsidiary of the U.S.-based financial technology company SoFi, has confirmed a data breach after hackers gained access to a database at a third-party vendor containing customer information.

The company, which provides investment and securities services to customers in the region, discovered the incident on April 30, 2026, after detecting unauthorized access to a database of SoFi Securities (Hong Kong) Limited via one of its vendors.

Investigation Ongoing

After discovering the incident, SoFi engaged with a third-party cybersecurity firm to respond. The company says its investigation is ongoing and that it still does not know which specific data may have been exposed.

In emails sent to customers, SoFi said:

We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved. We are actively reviewing the situation and taking extra precautions to keep your account secure.

Precautions and Recommendations

While SoFi has not disclosed what information may have been exposed, the company warned customers to remain vigilant for phishing attempts, suspicious communications, and unusual account activity.

The company also advised customers to update passwords, enable two-factor authentication where possible, monitor financial accounts for suspicious activity, and avoid opening links or attachments in unsolicited emails or messages.

SoFi says it has added additional safeguards and monitoring to affected accounts and may request additional verification information from customers who contact support or make account changes.

For customers seeking additional information, SoFi provided a Hong Kong support line (+852 26938888) and email address (hello@sofi.hk).

Lack of Transparency

In a statement shared with BleepingComputer, a SoFi spokesperson confirmed the breach but declined to answer additional questions regarding the incident, including how many customers were affected, whether the company was extorted, or the identity of the third-party vendor involved.

SoFi's lack of transparency has raised concerns among customers and security experts, who emphasize the importance of timely and detailed disclosure in the event of a data breach.

Security Measures

The incident highlights the need for robust security measures to protect sensitive customer data. SoFi's decision to engage with a third-party cybersecurity firm to respond to the incident is a step in the right direction.

However, the company's failure to disclose key details about the breach has sparked criticism and underscores the importance of transparency in the aftermath of a security incident.

As the investigation continues, SoFi customers are advised to remain vigilant and take precautions to protect their personal and financial information.

Related Incidents

The SoFi Hong Kong data breach is the latest in a series of security incidents affecting major companies and organizations. Recent breaches include the Anodot breach exposed user data at video service Vimeo, the Medtronic breach after hackers claimed 9 million records theft, the Booking.com data breach that forced reservation PIN resets, and the Oxford University data breach after a careers platform hack.

These incidents serve as a reminder of the importance of robust security measures and timely disclosure in the event of a data breach.

---

Source: BleepingComputer