SoFi Hong Kong warns of data breach after third-party vendor compromise

SoFi Hong Kong is alerting customers to a potential data breach that occurred after unauthorized access was gained to a database held by a third-party vendor. The incident was discovered on April 30, 2026, when the company detected the unauthorized access. SoFi has engaged a cybersecurity firm to investigate the scope and impact of the breach, as reported by Bleeping Computer.

The breach involves a database managed by a third-party vendor used by SoFi Securities (Hong Kong) Limited. At this time, the company has not confirmed which specific customer data may have been exposed, stating that the investigation is ongoing and complete information is still lacking. SoFi has advised customers to be vigilant against phishing attempts, monitor their financial accounts for suspicious activity, update passwords, and enable two-factor authentication. The company is implementing additional safeguards and monitoring for affected accounts. The exact number of customers impacted and the identity of the third-party vendor have not been disclosed.

Source: Bleeping Computer