
SoFi Hong Kong Confirms Data Breach Involving Third-Party Vendor

Financial · AI-Generated & Algorithmically Scored

AI-generated from multiple sources. Verify before acting on this reporting.

HONG KONG — SoFi Securities (Hong Kong) Limited confirmed on June 8, 2026, that hackers gained unauthorized access to a database at a third-party vendor containing customer information. The financial technology firm disclosed the breach late Monday, stating that the incident involved its Hong Kong subsidiary and affected personal data held by an external service provider.

The company said the breach was detected during routine security monitoring. SoFi Hong Kong reported that the unauthorized access originated from a third-party vendor’s system, not directly from SoFi’s internal networks. The firm has not specified which vendor was involved or the exact nature of the compromised data, though it confirmed that customer information was accessed.

SoFi Hong Kong stated it has notified relevant regulatory authorities in Hong Kong and is cooperating with cybersecurity experts to investigate the scope of the breach. The company is also working with law enforcement to identify the perpetrators and prevent further unauthorized access.

Customers affected by the breach are being notified directly. SoFi Hong Kong advised users to monitor their accounts for suspicious activity and to take precautions such as changing passwords and enabling two-factor authentication where available. The firm has not confirmed whether financial accounts or sensitive personal identifiers such as social security numbers were compromised.

The incident marks a significant security challenge for SoFi’s operations in Hong Kong, where the company has expanded its digital lending and wealth management services in recent years. The breach comes amid growing concerns over cybersecurity threats targeting financial institutions and their supply chains.

SoFi Hong Kong has not provided a timeline for when the breach occurred or how long the unauthorized access persisted. The company also has not disclosed the number of customers affected or the specific types of data accessed. These details remain under investigation.

Regulatory bodies in Hong Kong have not yet issued public statements regarding the breach. Financial regulators typically require firms to report significant data incidents within a specified timeframe, but no formal penalties or findings have been announced.

As of Monday evening, SoFi Hong Kong has not held a press conference or issued additional public comments. The company’s website and customer support channels remain operational, with no reported service disruptions linked to the breach.

The incident underscores the vulnerabilities associated with third-party vendor relationships in the financial sector. Cybersecurity experts have long warned that supply chain attacks pose significant risks to data security, even when primary systems remain secure.

Further details on the breach are expected as the investigation continues. SoFi Hong Kong has committed to providing updates as more information becomes available.
