RiskEvents

Developing event. Generated by AI and subject to further corroboration and review.

DevelopingLow impactAI Refreshed

SoFi Hong Kong subsidiary confirms third-party vendor data breach

Occurred 30 Apr 2026·Detected 10 Jun 2026·
🇭🇰 Hong Kong, specifically SoFi Securities (Hong Kong) Limited3 reports
CyberCyber

SoFi Securities (Hong Kong) Limited has confirmed a third-party vendor data breach discovered on April 30, 2026, in which unauthorized actors accessed a vendor database containing subsidiary customer information. The scope of personal data exposed, customer count, vendor identity, and any extortion or ransomware component remain undisclosed. External incident response has been engaged and a Hong Kong support line established. No insured loss estimate, confirmed customer count, ransom demand, vendor identity, or regulator action has been disclosed, and there is no evidence of systemic market impact.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Low impact. Loss pathway centres on a supply-chain data breach at a Hong Kong fintech securities subsidiary, with potential third-party liability exposure, regulatory exposure under Hong Kong privacy rules, and cyber insurance implications. No insured loss estimate, confirmed customer count, ransom demand, vendor identity, or regulator action has been disclosed, and there is no evidence of systemic market impact. Watch items remain vendor identity, scope of personal data exposed, any extortion or ransomware demand, and any subsequent Hong Kong Privacy Commissioner or other regulator action.

View assessment methodology

How we grade what we know -- Known · Reported · Uncertain. Methodology →

Intelligence ledger

Each line expands in place to its underlying sourced claim.

AI refreshed 18 Jun 2026, 08:24

Known37 lines

SoFi Securities (Hong Kong) Limited confirmed a data breach discovered on April 30, 2026
structured lineknown
No separate sourced-claim record is available for this line yet.
Unauthorized access occurred via a third-party vendor's database
structured lineknown
No separate sourced-claim record is available for this line yet.
SoFi has engaged a third-party cybersecurity firm for incident response
structured lineknown
No separate sourced-claim record is available for this line yet.
A Hong Kong support line (+852 26938888) has been established for affected customers
structured lineknown
No separate sourced-claim record is available for this line yet.
The unauthorized access occurred via a third-party vendor's database, establishing the incident as a supply-chain cyber event rather than a direct compromise of SoFi HK systems.
breach_attack_vector_third_party_vendorsupply chain cyber exposureCyber
Market relevance: Supply-chain vector is material to third-party cyber liability and contingent business interruption coverage considerations.
hackers gained unauthorized access to a third-party vendor's database containing customer information” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The affected entity is SoFi Securities (Hong Kong) Limited, a relatively small subsidiary within a US fintech parent.
small_hk_subsidiary_of_us_fintech_parentcontained group exposureCyber
Market relevance: limits systemic market impact; affects size-of-loss band
This is a supply-chain cyber incident affecting a financial services entity in Hong Kong” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No insured loss estimate has been disclosed or identified at this stage.
sofi_hk_no_insured_loss_estimateloss estimate pendingCyber
Market relevance: Absence of loss estimate supports low current materiality banding pending further disclosure.
No insured loss estimate... has been identified at this stage” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The affected entity is SoFi Securities (Hong Kong) Limited, a Hong Kong securities subsidiary of US-based SoFi.
sofi_hk_subsidiary_identifiedentity identificationvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Identifies the insured or affected entity in a cyber liability context.
SoFi confirms third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Unauthorized access occurred via a third-party vendor's database holding SoFi Hong Kong subsidiary customer information.
third_party_vendor_access_vectorcoverage triggervalid from 10 Jun 2026, 18:58Cyber
Market relevance: Supply-chain vector is a key driver of third-party liability and cyber insurance coverage triggers.
hackers gained unauthorized access to a third-party vendor's database containing customer information” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The data breach was discovered on April 30, 2026.
breach_discovered_datetimelinevalid from 10 Jun 2026, 18:58Cyber
Market relevance: Discovery date anchors notification timeline and potential regulatory clock under Hong Kong privacy rules.
SoFi Securities (Hong Kong) Limited disclosed a data breach discovered on April 30, 2026” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited confirmed a data breach discovered on April 30, 2026 affecting customer information held by a third-party vendor.
sofi_hk_breach_confirmedcyber loss pathwayvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Confirmed breach disclosure at a regulated securities subsidiary with potential cyber liability exposure.
SoFi Hong Kong disclosed a data breach at a third-party vendor containing customer information from its securities business.” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
hackers gained unauthorized access to a third-party vendor's database containing customer information” — r/privacy · 8 Jun 2026, 22:04 · social community
SoFi confirms third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Unauthorized access occurred via a third-party vendor's database holding subsidiary customer information, establishing a supply-chain attack vector.
supply_chain_vendor_access_vectorcyber loss pathwayvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Supply-chain attack vector is a material loss pathway for cyber liability coverage.
hackers gained unauthorized access to a third-party vendor's database” — r/privacy · 8 Jun 2026, 22:04 · social community
We do not yet have complete information about the scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited confirmed a data breach discovered on April 30, 2026, involving unauthorized access to a third-party vendor database holding subsidiary customer information.
sofi_hk_vendor_breach_confirmedpotential cyber liability exposurevalid from 30 Apr 2026, 00:00Cyber
Market relevance: Supply-chain cyber event at a Hong Kong fintech securities subsidiary; relevant to cyber insurers writing financial lines and to parent-company cyber programmes with APAC extensions.
SoFi confirms third-party data breach at Hong Kong subsidiary” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
SoFi confirms third-party data breach at Hong Kong subsidiary” — r/privacy · 8 Jun 2026, 22:04 · social community
SoFi confirms third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Unauthorized actors accessed customer data via a third-party vendor's database, indicating a supply-chain attack vector.
breach_vector_third_party_vendorunderwriting signalvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Supply-chain cyber exposure is a material underwriting concern for cyber and tech E&O lines.
third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Unauthorized access to SoFi Hong Kong customer data occurred through a third-party vendor's database (supply-chain vector).
breach_via_third_party_vendor_databasesupply chain cyber liabilityvalid from 30 Apr 2026, 00:00Cyber
Market relevance: supply-chain cyber exposure for fintech and financial services
SoFi has disclosed a data breach affecting its Hong Kong securities subsidiary” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
hackers gained unauthorized access to a third-party vendor's database containing customer information” — r/privacy · 8 Jun 2026, 22:04 · social community
hackers gained unauthorized access to a third-party vendor's database containing customer information” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited disclosed a data breach detected on April 30, 2026.
sofi_hk_breach_disclosure_dateloss estimate pendingvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Confirms the event timeline for cyber claim triggers and notification clocks.
SoFi confirms third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Unauthorized access occurred through a third-party vendor's database, indicating a supply-chain attack vector.
sofi_hk_third_party_vendor_vectorcoverage trigger reviewvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Supply-chain vector is relevant to contingent business interruption and third-party liability coverage assessments.
unauthorized actors accessed customer data through a third-party vendor's database” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Unauthorised access to customer data occurred through a third-party vendor's database rather than directly through SoFi's own systems.
sofi_hk_third_party_vectorloss watchvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Supply-chain vector raises third-party liability and contingent business interruption considerations for cyber insurers.
unauthorized actors accessed customer data through a third-party vendor's database” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited confirmed a data breach discovered on April 30, 2026.
incident_disclosure_datecyber incident timingcyber
Market relevance: establishes incident timing for cyber claims notification and policy trigger analysis
BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi has engaged a third-party cybersecurity firm for incident response.
incident_response_engagedresponse activityvalid from 10 Jun 2026, 18:58Cyber
Market relevance: IR engagement is standard and informs potential forensics cost layer under cyber policies.
SoFi has engaged a third-party cybersecurity firm for incident response” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
A Hong Kong support line (+852 26938888) has been established for affected customers.
hong_kong_support_line_establishedresponse activityvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Support line establishment signals active customer notification, a potential trigger for notification cost coverage.
A Hong Kong support line (+852 26938888) has been established for affected customers” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The event is in the developing lifecycle stage, with evidence_trigger: corroboration >= 2.
lifecycle_developingcontextvalid from 15 Jun 2026, 23:54
Market relevance: Lifecycle stage governs materiality banding and alert cadence.
Status changed to developing: evidence_trigger: corroboration >= 2” — Source · 17 Jun 2026, 20:23
Supersession history: 1 prior/revised claim rows.
Event is in the developing stage with no resolution or full scope currently established.
event_lifecycle_developingstatusvalid from 15 Jun 2026, 23:54Cyber
signal -> developing” — Source · 17 Jun 2026, 08:53
A Hong Kong support line (+852 26938888) has been established for affected customers.
hk_customer_support_line_establishednotification costsCyber
Market relevance: Customer notification operations are an insured cost component under cyber policies.
A Hong Kong support line (+852 26938888) has been established” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi has engaged a third-party cybersecurity firm to conduct incident response.
ir_engaged_third_party_cybersecurity_firmclaims pressurevalid from 10 Jun 2026, 18:58Cyber
Market relevance: Standard IR engagement; no immediate loss-amplification signal.
third-party cybersecurity firm” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
A Hong Kong support line (+852 26938888) has been established for affected customers.
hk_support_line_establishedclaims pressurevalid from 10 Jun 2026, 18:58Cyber
Market relevance: Customer notification posture is in place; relevant to regulatory and notification cost exposure.
+852 26938888” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
SoFi Hong Kong has engaged a third-party cybersecurity firm to investigate the incident.
third_party_cybersecurity_firm_engagedincident response activityvalid from 30 Apr 2026, 00:00Cyber
Market relevance: indicates active incident response; informs loss timeline and notification obligations
The subsidiary has engaged a third-party cybersecurity firm and opened a Hong Kong support line.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Event lifecycle is 'developing' following corroboration across at least two independent sources.
lifecycle_status_developingcontextvalid from 15 Jun 2026, 23:54Cyber
Market relevance: Lifecycle status governs alerting cadence and exposure tracking for underwriters.
Source · 16 Jun 2026, 00:13
A Hong Kong support line (+852 26938888) has been established for affected customers.
sofi_hk_support_lineloss estimate pendingvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Support line activation supports notification cost accrual under cyber policies.
A Hong Kong support line (+852 26938888) has been established for affected customers” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
SoFi has engaged a third-party cybersecurity firm for incident response.
sofi_hk_ir_engagementloss estimate pendingvalid from 30 Apr 2026, 00:00Cyber
Market relevance: IR engagement is consistent with cyber claim notification timelines and duty-to-cooperate conditions.
SoFi has engaged a third-party cybersecurity firm” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi has engaged a third-party cybersecurity firm to assist with incident response and investigation.
sofi_hk_ir_firm_engagedclaims activityvalid from 10 Jun 2026, 18:58Cyber
Market relevance: External IR engagement is consistent with cyber policy notification and claims handling triggers.
The subsidiary has engaged a third-party cybersecurity firm” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No Hong Kong Privacy Commissioner or other regulatory action has been publicly announced in connection with the breach.
sofi_hk_no_regulator_actioncontextvalid from 10 Jun 2026, 18:58Financial Institutions
Market relevance: Regulatory action in Hong Kong would materially shift severity under cyber and FI policies.
regulatory action... has been identified at this stage” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The event remains at signal-stage maturity: confirmed breach, no quantified impact metrics, no identified London market loss mechanism.
sofi_hk_lifecycle_signalcontextvalid from 14 Jun 2026, 17:48Cyber
Market relevance: Lifecycle stage governs whether underwriters and claims teams should treat the event as actionable.
lifecycle_status: signal” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No regulatory action by the Hong Kong Privacy Commissioner or other authorities has been confirmed.
no_regulator_action_confirmedregulatory uncertaintyCyber
Market relevance: Regulator action would escalate notification and potential fine exposures
no regulatory action confirmed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
SoFi has engaged a third-party cybersecurity firm to support incident response.
incident_response_firm_engagedcontext onlyvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Standard IR engagement; informs potential mitigation of insured loss and notification cost under cyber policies.
SoFi has engaged a third-party cybersecurity firm for incident response” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi has engaged a third-party cybersecurity firm to assist with incident response.
incident_response_engagementincident response costscyber
Market relevance: IR engagement is standard post-breach action; relevant to coverage under cyber policy first-party response costs.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited disclosed a data breach discovered on April 30, 2026, originating from a third-party vendor's database.
incident_disclosure_sofi_hk_vendor_breachpotential third party liabilityvalid from 10 Jun 2026, 18:58cyber
Market relevance: Cyber insurance market relevance via supply-chain/third-party vendor exposure at a regulated financial services subsidiary in Hong Kong.
SoFi Securities (Hong Kong) Limited disclosed a data breach discovered on April 30, 2026” — BleepingComputer · 10 Jun 2026, 19:03

Reported19 lines

Customer data was potentially exposed through the vendor breach
structured linereported
No separate sourced-claim record is available for this line yet.
No Hong Kong Privacy Commissioner or other regulator action has been disclosed as of the latest reporting.
no_regulator_action_disclosedregulatory exposureCyber
Market relevance: Regulatory action status affects severity banding and potential fines coverage assessment.
no insured loss estimate, confirmed customer count, ransom demand, vendor identity, or regulator action has been disclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The incident creates potential regulatory exposure under Hong Kong privacy rules.
hong_kong_privacy_regulatory_exposureregulatory exposureCyber
Market relevance: Hong Kong privacy regulatory exposure is a potential coverage trigger under regulatory defense and fines coverage.
regulatory exposure under Hong Kong privacy rules” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Incident corroborated by two social/community posts on Reddit (r/cybersecurity and r/privacy), consistent with trade media reporting.
corroboration_social_communitycontextCyber
Market relevance: Corroboration supports factual posture but does not raise materiality.
We do not yet have complete information about the scope and impact of the incident” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
We do not yet have complete information about the scope and impact of the incident” — r/privacy · 8 Jun 2026, 22:04 · social community
As a Hong Kong-regulated securities entity handling personal data, the subsidiary faces potential regulatory exposure under Hong Kong privacy rules.
hk_privacy_regulatory_exposure_potentialcyber loss pathwayCyber
Market relevance: Hong Kong privacy regulator exposure is a potential regulatory fines and notification cost pathway.
potential implications for cyber liability coverage and regulatory exposure across multiple jurisdictions” — r/privacy · 8 Jun 2026, 22:04 · social community
regulatory exposure under Hong Kong privacy rules” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The incident creates potential regulatory exposure under Hong Kong privacy rules; no regulator action has been confirmed to date.
hk_regulatory_exposure_potentialregulatory exposureCyber
Market relevance: Hong Kong PCPD notification and enforcement can drive regulatory defence costs within cyber cover.
potential regulatory exposure under Hong Kong privacy rules” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Customer data was potentially exposed through the vendor breach, per SoFi Hong Kong's disclosure.
customer_data_exposure_reportedpotential privacy regulatory exposureCyber
Market relevance: drives privacy/regulatory exposure and notification triggers
The scope, number of affected customers, and specific data exposed remain unknown.” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
a data breach at a third-party vendor containing customer information from its securities business” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No public statement or enforcement action from the Hong Kong Privacy Commissioner or other regulators has been disclosed as of the latest update.
regulator_action_none_discloseduncertaintyvalid from 15 Jun 2026, 23:58Cyber
Market relevance: Regulator action would materially shift notification and penalty exposure under Hong Kong PDPO.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
SoFi Securities (Hong Kong) Limited is a subsidiary of a US-listed fintech parent.
parent_entity_contextcontext onlyCyber
Market relevance: Parent-entity context supports assessment of incident as a contained subsidiary-level event
SoFi Securities (Hong Kong) Limited is a subsidiary of SoFi” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The event is characterized as a supply-chain cyber incident affecting a financial services entity in Hong Kong, with potential third-party liability and cyber insurance implications.
supply_chain_financial_services_hkpotential third party liabilityvalid from 10 Jun 2026, 18:58cyber
Market relevance: Supply-chain vendor breaches at financial services subsidiaries are a recurring driver of cyber and third-party liability claims, including in the London market.
BleepingComputer · 10 Jun 2026, 19:03
Customer data was potentially exposed through the third-party vendor breach; specific categories and scope remain undisclosed.
customer_data_potentially_exposedseverity unknownvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Data exposure scope drives notification costs, regulatory exposure, and first-party indemnity severity.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Customer data was potentially exposed through the vendor breach; categories and scope remain unconfirmed.
sofi_hk_customer_data_exposureloss estimate pendingvalid from 30 Apr 2026, 00:00Cyber
Market relevance: Data exposure is a precondition for notification costs, regulatory fines, and first-party cyber loss estimates.
customer data was potentially exposed through the vendor breach” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Customer data was potentially exposed through the vendor breach; specific data categories are not yet confirmed.
customer_data_exposure_potentialcyber first party costsCyber
Market relevance: Data exposure scope drives regulatory notification thresholds and potential first-party costs
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Customer data was potentially exposed through the vendor breach; scope and categories remain undisclosed.
customer_data_exposure_scopepotential pii exposurecyber
Market relevance: Scope of personal data exposure drives regulatory notification thresholds and potential PII-related liability under Hong Kong PDPO.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No insured loss estimate has been disclosed.
no_insured_loss_estimateseverity unknownCyber
Market relevance: Absence of disclosed loss estimate supports low materiality banding at this stage.
No insured loss estimate” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
No insured loss estimate has been disclosed.
no_insured_loss_estimate_disclosedlossCyber
Market relevance: Absence of disclosed loss estimate supports low market materiality banding at present.
No insured loss estimate disclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The supply-chain breach at a third-party vendor creates potential third-party liability exposure for SoFi Hong Kong.
third_party_liability_exposurecoverage triggerCyber
Market relevance: Third-party liability is a core cyber coverage exposure and watch item for underwriters.
potential third-party liability exposure” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
There is no evidence of systemic market impact from this incident.
no_systemic_market_impactno systemic impactCyber
Market relevance: No systemic impact supports continued low materiality assessment for portfolio-level concerns.
there is no evidence of systemic market impact” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
No evidence of systemic market impact has been observed.
no_systemic_market_impact_observedno systemic market impactCyber
Market relevance: caps near-term insured and market impact; supports low severity band
there is no evidence of systemic market impact” — BleepingComputer · 8 Jun 2026, 21:55 · trade media

Uncertain45 lines

Scope and categories of personal data affected
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Total number of customers impacted
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Identity of the third-party vendor
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether the incident involved extortion or ransomware demands
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Threat actor attribution
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Total number of customers impacted has not been disclosed.
customer_count_impacted_uncertaincyber loss pathwayCyber
Market relevance: Customer count is a key driver of notification costs, credit monitoring, and potential regulatory penalties.
The scope, number of affected customers, and specific data exposed remain unknown” — r/cybersecurity · 8 Jun 2026, 22:06 · social community
The scope of exposed personal data remains unknown” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Total number of customers impacted has not been disclosed.
affected_customer_count_unknownuncertain cyber severityCyber
Market relevance: Customer count is a key severity input for cyber aggregation and notification cost modelling.
The scope of exposed personal data remains unknown” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Total number of customers impacted has not been disclosed.
affected_customer_count_uncertainseverity uncertaintyCyber
Market relevance: Affected count drives regulatory notification obligations and potential class exposure
We do not yet have complete information about the scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The total number of customers impacted has not been disclosed.
affected_customer_countscale unknowncyber
Market relevance: Customer count is a key driver for notification costs, potential class action exposure, and regulatory thresholds.
We do not yet have complete information about the scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Whether the incident involved extortion or ransomware demands has not been confirmed.
extortion_or_ransomware_unconfirmedclaims pressureCyber
Market relevance: Extortion or ransomware component materially shifts coverage pathway and severity (first-party ransom vs. liability-only).
third-party data breach” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Scope and categories of personal data affected have not been disclosed by SoFi.
scope_of_personal_data_unknownclaims pressureCyber
Market relevance: Unknown data scope limits severity banding; key watch item for notification cost and regulatory exposure.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Threat actor attribution has not been disclosed.
threat_actor_attribution_unknownunderwriting signalCyber
Market relevance: Attribution affects accumulation considerations for cyber war/sanctions exclusions and systemic risk modelling.
SoFi confirms third-party data breach at Hong Kong subsidiary” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
No public confirmation of any extortion demand or ransomware component.
extortion_or_ransomware_component_unknownuncertainty on loss typeCyber
Market relevance: determines whether ransomware/extortion coverages may engage
No insured loss estimate, confirmed customer count, ransom demand, vendor identity, or regulator action has been disclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The identity of the third-party vendor whose database was accessed has not been publicly disclosed.
third_party_vendor_identity_unknownsupply chain concentration uncertaintyCyber
Market relevance: relevant for understanding supply-chain concentration risk
The scope, number of affected customers, and specific data exposed remain unknown.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Scope and categories of personal data affected remain unconfirmed by SoFi Hong Kong.
scope_of_personal_data_affected_uncertainuncertainty on severityCyber
Market relevance: limits ability to quantify privacy/regulatory severity
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No Hong Kong Privacy Commissioner or other regulator action has been disclosed at this stage.
sofi_hk_regulator_action_uncertainloss estimate pendingCyber
Market relevance: Regulatory action would be a material driver of insured loss under cyber and D&O policies.
any subsequent Hong Kong Privacy Commissioner or other regulator action” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Scope and categories of personal data affected, and the total number of customers impacted, remain unconfirmed.
sofi_hk_data_scope_uncertainloss estimate pendingCyber
Market relevance: Scope uncertainty limits insured loss banding; remains a key watch item.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The identity of the third-party vendor involved has not been disclosed.
sofi_hk_vendor_identity_uncertaincoverage trigger reviewCyber
Market relevance: Vendor identity is relevant for assessing systemic supply-chain risk and contagion to other insureds.
the vendor's identity... remain unconfirmed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
It is unconfirmed whether the incident involved extortion or ransomware demands; threat actor attribution is also unknown.
sofi_hk_extortion_ransomware_uncertainloss estimate pendingCyber
Market relevance: Extortion or ransomware activity would activate different cyber coverage sub-limits (e.g., ransom, business interruption).
any extortion or ransomware component remain unconfirmed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Identity of the third-party vendor involved has not been disclosed.
third_party_vendor_identity_uncertainsupply chain exposureCyber
Market relevance: Vendor identity may surface additional policy notifications and systemic exposure across other clients
third-party data breach” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No threat actor attribution has been reported.
threat_actor_attributionattribution unknowncyber
Market relevance: Attribution may inform accumulation analysis if linked to broader threat campaigns.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
Scope and categories of personal data affected have not been disclosed by the company.
scope_of_data_affected_uncertaincyber loss pathwayCyber
Market relevance: Severity banding cannot be confirmed until data categories and customer count are known.
We do not yet have complete information about the scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Identity of the third-party vendor has not been disclosed.
vendor_identity_undisclosedcyber loss pathwayCyber
Market relevance: Vendor identity is needed to assess shared liability, contractual indemnity, and any wider sector exposure.
vendor identity remain undisclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Whether the incident involved extortion or ransomware demands has not been disclosed; threat actor attribution is also unconfirmed.
ransomware_or_extortion_status_unknownuncertain cyber severityCyber
Market relevance: Ransomware tag materially shifts loss pathway toward ransomware extortion coverage and recovery cost sub-limits.
No ransom demand or threat actor attribution has been disclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The identity of the third-party vendor whose database was accessed has not been disclosed.
vendor_identity_unknownsupply chain cyber exposureCyber
Market relevance: Vendor identity is required for third-party cyber liability coverage triggers and vendor-risk aggregation analysis.
SoFi has not disclosed the identity of the vendor” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
The scope and categories of personal data potentially exposed remain undisclosed; SoFi has stated it does not yet have complete information about scope, impact, or which categories of personal data were involved.
exposed_data_scope_unknownuncertain cyber severityCyber
Market relevance: Data category scope is a primary severity driver for cyber liability and regulatory notification thresholds.
We do not yet have complete information about the scope and impact of the incident” — r/privacy · 8 Jun 2026, 22:04 · social community
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
It has not been confirmed whether the incident involved any extortion or ransomware demands.
extortion_or_ransomware_componentransomware uncertaincyber
Market relevance: Ransomware or extortion components materially affect cyber policy coverage triggers and loss severity.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
The identity of the third-party vendor whose database was accessed has not been publicly disclosed.
third_party_vendor_identityvendor risk unknowncyber
Market relevance: Vendor identity is relevant to assessing concentration of vendor risk across cyber insurance portfolios.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
The scope and categories of personal data exposed, total number of customers impacted, and identity of the third-party vendor remain unconfirmed.
vendor_breach_scope_unknownuncertain loss estimatecyber
Market relevance: Limits ability to size potential notification costs, regulatory exposure, and third-party liability under cyber and professional indemnity covers.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 10 Jun 2026, 19:03
No insured loss estimate has been disclosed for the incident.
no_disclosed_insured_loss_estimatecyber loss pathwayCyber
Market relevance: Absence of a loss estimate keeps current London Market materiality at low.
No insured loss estimate has been disclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No insured loss estimate has been disclosed.
no_confirmed_insured_loss_estimateclaims pressureCyber
Market relevance: Absence of a loss estimate keeps event at low materiality for market accumulation.
scope of exposed personal data remains unknown” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No insured loss estimate has been disclosed.
insured_loss_estimate_unavailablecontext onlyvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Without an insured loss figure, severity banding under Q6 market-materiality rubric remains at the low end pending scope confirmation.
no insured loss estimate” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Identity of the third-party vendor has not been disclosed.
vendor_identity_uncertaincoverage triggerCyber
Market relevance: Vendor identity affects aggregation, subrogation, and third-party liability coverage assessment.
vendor identity, and any extortion or ransomware component remain undisclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Scope and categories of personal data affected have not been disclosed.
scope_of_personal_data_uncertainseverity unknownCyber
Market relevance: Scope uncertainty limits severity banding and is a key underwriting watch item.
We do not yet have complete information about the scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Total number of customers impacted has not been disclosed.
customer_count_uncertainseverity unknownCyber
Market relevance: Customer count is a primary driver of notification cost and regulatory exposure severity.
Scope, number of affected customers, and specific data exposed remain unknown” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Whether the incident involved extortion or ransomware demands has not been disclosed.
extortion_or_ransomware_uncertainseverity unknownCyber
Market relevance: Ransomware/extortion confirmation materially changes first-party cyber coverage posture.
any extortion or ransomware component remain undisclosed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Threat actor attribution has not been disclosed.
threat_actor_attribution_uncertaincontextCyber
Market relevance: Attribution may inform sanctions and OFAC compliance considerations under cyber coverage.
Threat actor attribution” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
Supersession history: 1 prior/revised claim rows.
Whether the incident involved extortion demands, ransomware, or other coercive tactics has not been confirmed.
extortion_ransomware_unconfirmeduncertaintyCrime/Fidelity
Market relevance: Ransomware/extortion triggers separate policy sub-limits and crime coverage considerations.
BleepingComputer · 8 Jun 2026, 21:55 · trade media
The categories of personal data potentially exposed have not been confirmed.
exposed_data_categories_unknownuncertaintyCyber
Market relevance: Data category drives severity of notification obligations and potential identity theft exposure.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No threat actor group has been attributed to the breach in public reporting.
sofi_hk_threat_actor_uncertaincontextvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Attribution informs accumulation scenarios and potential reinsurance exposure assessment.
Threat actor attribution” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The categories and scope of personal data exposed in the breach have not been confirmed by SoFi.
sofi_hk_scope_of_pii_uncertainloss watchvalid from 10 Jun 2026, 18:58Cyber
Market relevance: PII scope drives notification cost, regulatory exposure and potential insured severity under cyber and financial institution policies.
We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
It has not been confirmed whether the incident involved ransomware, extortion or any ransom demand.
sofi_hk_ransomware_uncertainloss watchvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Ransomware / extortion component is a key trigger for cyber extortion sublimits and reinsurance notification.
any extortion or ransomware component remain unconfirmed” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The total number of customers impacted by the breach has not been disclosed.
sofi_hk_customer_count_uncertainloss watchvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Customer count drives notification cost, regulatory thresholds and insured loss quantum.
scope and impact of the incident” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
The categories of personal data potentially involved (e.g., identifiers, financial, KYC) have not been confirmed.
personal_data_categories_unknowncontext onlyvalid from 10 Jun 2026, 18:58Cyber
Market relevance: Data category mix drives regulatory severity and potential financial-fraud loss under crime/fraud cover.
whether (and, if so, which categories of) your personal data was involved” — BleepingComputer · 8 Jun 2026, 21:55 · trade media
No Hong Kong Privacy Commissioner or other regulator action has been publicly reported as of the latest refresh.
hk_privacy_regulator_action_not_reportedclaims pressureCyber
Market relevance: Regulator action would amplify notification and penalty exposure under Hong Kong PDPO.
regulatory exposure across multiple jurisdictions” — r/privacy · 8 Jun 2026, 22:04 · social community
scope...remains under investigation” — BleepingComputer · 8 Jun 2026, 21:55 · trade media

Geographic Zone Matches

3 active matches

  • TRIA Certified Areas
    Rule-basedConfidence 100%
  • Pacific Ring of Fire
    Rule-basedConfidence 100%
  • Caribbean Hurricane Zone
    Rule-basedConfidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇭🇰 Hong Kong🇺🇸 United States

Latest developments

  • Identity of the third-party vendor remains undisclosed. BleepingComputer
  • Confirmed affected entity is SoFi Securities (Hong Kong) Limited. BleepingComputer
  • Breach discovery date confirmed as April 30, 2026. BleepingComputer
  • Unauthorized access was via a third-party vendor's database, confirming a supply-chain attack vector. BleepingComputer
  • Customer data was potentially exposed; specific categories and scope remain undisclosed. BleepingComputer
  • External incident response has been engaged. BleepingComputer
  • A Hong Kong support line (+852 26938888) has been established for affected customers. BleepingComputer
  • Scope and categories of personal data affected remain undisclosed. BleepingComputer

Timeline

Corroboration15 Jun 2026, 23:58

SoFi Hong Kong disclosed a data breach at a third-party vendor containing customer information from its securities business. The scope, number of affected customers, and specific data exposed remain unknown. The incident represents a supply chain cyber attack on a fintech subsidiary with potential cyber liability and regulatory exposure.

Source: r/cybersecurity (Social / Community) · View source

Status Change15 Jun 2026, 23:54

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration15 Jun 2026, 23:54

SoFi has disclosed a data breach affecting its Hong Kong securities subsidiary, where hackers gained unauthorized access to a third-party vendor's database containing customer information. The incident was discovered on April 30, 2026, and the scope of exposed data remains under investigation, with potential implications for cyber liability coverage and regulatory exposure across multiple jurisdictions.

Source: r/privacy (Social / Community) · View source

Initial Detection10 Jun 2026, 18:58

Initial Detection

SoFi Securities (Hong Kong) Limited disclosed a data breach discovered on April 30, 2026, in which unauthorized actors accessed customer data via a third-party vendor's database. The scope of exposed personal data remains unknown, and the company has not confirmed customer count impact, extortion demands, or vendor identity. This is a supply-chain cyber incident affecting a financial services entity in Hong Kong, with potential third-party liability and cyber insurance implications.

We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved.

Source: BleepingComputer (Trade Media) · View source

Lloyd's classifications

Tracking this kind of risk? Get an email when Cyber events escalate.

Get alerts
← Back to live events