SoFi Confirms Third-Party Data Breach at Hong Kong Subsidiary — Customer Names and Contact Details Exposed via Vendor Database Compromise
Summary
SoFi Hong Kong disclosed that hackers gained unauthorized access to a third-party vendor database containing customer information including names and contact details, flagged by the r/cybersecurity community on June 8. The Hong Kong incident is distinct from the US-based SoFi Technologies breach disclosed in January 2026 that affected 38,049 Washington state customers via a December 2025 social engineering attack. Third-party vendor breaches at fintech companies continue to be a persistent attack vector, with attackers bypassing primary institution defenses by targeting contractor data stores.
Originally reported by reddit.com
Read the original article →Original headline: SoFi Confirms Third-Party Data Breach at Hong Kong Subsidiary — Customer Names and Contact Details Exposed via Vendor Database Compromise