SoFi Hong Kong subsidiary hit by third-party data breach
▼ Summary
– SoFi Hong Kong suffered a data breach after hackers accessed a customer database at a third-party vendor, discovered on April 30, 2026.
– The company has not yet determined the scope of the breach or which specific customer data may have been exposed.
– SoFi hired a third-party cybersecurity firm to respond and is conducting an ongoing investigation.
– SoFi declined to disclose the number of affected customers, whether it was extorted, or the identity of the vendor involved.
– The company advised customers to watch for phishing, update passwords, enable two-factor authentication, and monitor accounts for suspicious activity.
SoFi Hong Kong is notifying customers of a data breach after an unauthorized party accessed a database managed by a third-party vendor, potentially exposing personal information.
The U. S.-based financial technology company, known for its banking, investing, and loan services, operates a Hong Kong branch that offers investment and securities products to local clients. According to emails reviewed by BleepingComputer, SoFi discovered the incident on April 30, 2026, when it detected unauthorized access to a database belonging to SoFi Securities (Hong Kong) Limited through one of its vendors.
Upon discovery, the company brought in an external cybersecurity firm to manage the response. The investigation remains active, and SoFi has not yet determined the full scope of the breach or which specific data may have been compromised.
“We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved,” the company stated in its customer notification. “We are actively reviewing the situation and taking extra precautions to keep your account secure.”
A SoFi spokesperson confirmed the breach but declined to answer further questions, including how many customers were affected, whether the company faced extortion demands, or the name of the third-party vendor involved.
Although SoFi has not specified what data might have been exposed, it urged customers to stay alert for phishing attempts, suspicious communications, and unusual account activity. The company recommended updating passwords, enabling two-factor authentication where available, monitoring financial accounts closely, and avoiding links or attachments in unsolicited messages.
SoFi has implemented additional safeguards and monitoring on affected accounts. Customers who contact support or attempt to make account changes may be asked for extra verification. For more information, SoFi provided a Hong Kong support line (+852 26938888) and an email address (hello@sofi.hk).
(Source: BleepingComputer)
