SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information.
The company is a U.S.-based financial technology company that offers banking, investing, loans, and other personal finance services. The company also operates SoFi Hong Kong, which provides investment and securities services to customers in the region.
In emails sent to customers and shared with BleepingComputer, SoFi said it discovered the incident on April 30, 2026, after detecting unauthorized access to a database of SoFi Securities (Hong Kong) Limited via one of its vendors.
After discovering the incident, they engaged with a third-party cybersecurity firm to respond.
The company says its investigation is ongoing and that it still does not know which specific data may have been exposed.
"We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved," reads the email sent to SoFi customers.
"We are actively reviewing the situation and taking extra precautions to keep your account secure."
Email sent to SoFi Hong Kong customersSource: BleepingComputer
In a statement shared with BleepingComputer, a SoFi spokesperson confirmed the breach but declined to answer additional questions regarding the incident, including how many customers were affected, whether the company was extorted, or the identity of the third-party vendor involved.
While SoFi has not disclosed what information may have been exposed, the company warned customers to remain vigilant for phishing attempts, suspicious communications, and unusual account activity.
The company also advised customers to update passwords, enable two-factor authentication where possible, monitor financial accounts for suspicious activity, and avoid opening links or attachments in unsolicited emails or messages.
SoFi says it has added additional safeguards and monitoring to affected accounts and may request additional verification information from customers who contact support or make account changes.
The company provided a Hong Kong support line (+852 26938888) and email address ([email protected]) for customers seeking additional information.
Test every layer before attackers do
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
English (US) ·