
SoFi Hong Kong Data Breach Exposes Customer Information via Third-Party Vendor

Severity: Medium (Score: 51.9)

Sources: Rescana, BleepingComputer, www.claimdepot.com

Published: 2026-06-09 · Updated: 2026-06-09

Keywords: sofi, hong, kong, third-party, data, breach, customer

Severity indicators: breach, data breach

Summary

On April 30, 2026, SoFi Hong Kong detected unauthorized access to a customer information database managed by a third-party vendor. The breach, publicly disclosed on June 8, 2026, exposed personally identifiable information (PII) of an undetermined number of customers. Attack vectors included social engineering and exploitation of third-party vendor access, with no malware detected. Compromised data included names, dates of birth, addresses, email addresses, phone numbers, and employment and education information. SoFi engaged external cybersecurity experts and notified affected individuals and regulators. The incident highlights the importance of third-party risk management in the financial sector. SoFi has implemented enhanced monitoring and verification procedures in response to the breach.

Key Points:

  • SoFi Hong Kong experienced a data breach due to unauthorized access via a third-party vendor.
  • Compromised data included PII such as names, addresses, and phone numbers, but not financial information.
  • The breach was detected on April 30, 2026, and publicly disclosed on June 8, 2026.

Detailed Analysis

**Impact** SoFi Hong Kong experienced unauthorized access to a customer information database managed by a third-party vendor, affecting an undetermined number of customers. The compromised data included names, full dates of birth, addresses, email addresses, phone numbers, and employment and education information, with possible exposure of government IDs and medical or financial information. No account passwords, debit or credit card numbers, or account numbers were accessed. Separately, SoFi Technologies, Inc. in the U.S. suffered a related social engineering breach affecting 38,049 Washington residents. Both incidents impacted the financial services sector across the U.S. and Hong Kong.

**Technical Details** The Hong Kong breach was executed via social engineering and exploitation of third-party vendor access, classified as a supply chain compromise, without use of malware, ransomware, or offensive tools. The U.S. incident involved social engineering to gain credential access. No CVEs or specific technical indicators of compromise (IOCs) such as malware hashes or command-and-control infrastructure were reported. The attack leveraged human and organizational vulnerabilities, with no attribution or unique TTPs identified.

**Recommended Response** Organizations should enhance third-party risk management and monitor vendor access controls closely. Implement multi-factor authentication and increase verification procedures for account changes or support requests. Monitor for phishing attempts and suspicious communications targeting customers and employees. No specific patches or IOCs were provided; defenders should focus on behavioral detections related to social engineering and unauthorized access attempts.

Source articles (3)

  • SoFi confirms third — BleepingComputer · 2026-06-08
    SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. The company is a U.S.-based financial techno…
  • SoFi Hong Kong Third-Party Data Breach Exposes Customer Information — Rescana · 2026-06-09
    On April 30, 2026, SoFi Hong Kong detected unauthorized access to a customer information database managed by a third-party vendor. This incident, confirmed by official company statements and regulator…
  • Claim Depot, May 12, 2026 — www.claimdepot.com · 2026-06-09
    On Dec. 29, 2025, SoFi Technologies, Inc., a major San Francisco-based financial technology company, experienced a data breach that affected 38,049 Washington residents. The incident was the result o…

Timeline

  • 2026-04-30 — Unauthorized access detected: SoFi Hong Kong discovered unauthorized access to a customer database managed by a third-party vendor.
  • 2026-06-08 — Breach publicly disclosed: SoFi publicly announced the data breach, confirming exposure of customer PII.
  • Date unknown — Ongoing investigation: SoFi is conducting an ongoing investigation to assess the scope and impact of the incident.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • SoFi (Company)
  • SoFi Hong Kong (Company)
  • SoFi Securities (Hong Kong) Limited (Company)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (CWE)
  • rescana.com (Domain)
  • sofi.hk (Domain)
  • Financial (Industry)
  • T1195 - Supply Chain Compromise (MITRE ATT&CK)
  • T1566 - Phishing (MITRE ATT&CK)