SoFi Hong Kong Subsidiary Hit by Third-Party Data Breach
SoFi's Hong Kong subsidiary has confirmed a data breach originating from unauthorized access at a third-party vendor, exposing customer information.
SoFi Hong Kong is alerting its customers to a data breach that occurred after hackers gained unauthorized access to a database held by one of its third-party vendors. The breach, discovered on April 30, 2026, impacted SoFi Securities (Hong Kong) Limited, a subsidiary of the U.S.-based financial technology company.
The incident came to light when SoFi detected suspicious activity indicating unauthorized access to a vendor's database containing customer information. Following the discovery, the company engaged a third-party cybersecurity firm to investigate the extent of the breach and to assist with remediation efforts. The investigation is ongoing, and SoFi has stated that it does not yet have complete information regarding the specific types of personal data that may have been exposed or the overall scope of the incident.
In communications sent to affected customers, SoFi emphasized that it is actively reviewing the situation and implementing additional security measures to protect customer accounts. The company has not disclosed the identity of the third-party vendor involved in the breach, nor has it provided details on the number of customers affected or whether any ransom demands were made. This lack of specific information leaves customers uncertain about the potential impact on their personal data.
While the exact nature of the compromised data remains unclear, SoFi has advised its Hong Kong customers to remain vigilant against potential phishing attempts, suspicious communications, and unusual activity on their financial accounts. The company recommends proactive security steps, including updating passwords, enabling two-factor authentication wherever possible, and closely monitoring financial statements for any fraudulent transactions.
SoFi has also stated that it is applying enhanced safeguards and monitoring to the affected accounts. Customers who contact support or make changes to their accounts may be asked to provide additional verification information as a precautionary measure. The company has provided a dedicated Hong Kong support line (+852 26938888) and an email address (hello@sofi.hk) for customers seeking further assistance or information regarding the incident.
This incident underscores the persistent risks associated with third-party vendor relationships in the cybersecurity landscape. Financial institutions, in particular, are prime targets for attackers seeking access to sensitive customer data, and breaches originating from supply chain vulnerabilities continue to pose a significant threat. The ongoing investigation will be crucial in determining the full impact and the necessary steps to prevent future occurrences.