SoFi Hong Kong confirmed a data breach resulting from unauthorized access to a database managed by a third-party vendor. The breach was detected on April 30, 2026, and involves customer information, though the precise data compromised is still under investigation. SoFi has engaged external cybersecurity experts to assist in the response and has communicated with customers to advise precautionary measures. The company has enhanced account monitoring and security controls post-incident. Details such as the extent of the breach, affected customer count, and vendor identity have not been disclosed.

The breach potentially exposed customer information held in a third-party vendor's database, but the exact nature and extent of the data compromised are currently unknown. This uncertainty may increase risks of phishing, fraud, or identity theft for affected customers. SoFi has not reported any extortion or confirmed exploitation in the wild. The incident impacts customer trust and may require ongoing monitoring and response efforts.

SoFi has implemented additional safeguards and monitoring on affected accounts and is actively investigating the incident with third-party cybersecurity assistance. Customers are advised to update passwords, enable two-factor authentication where available, monitor accounts for suspicious activity, and be cautious of unsolicited communications. Since this is a third-party breach, SoFi is managing remediation efforts internally. Patch status is not applicable as this is a data breach event rather than a software vulnerability.