Exclusive: XTB Accidentally Releases Affiliate Data in Email

The broker copied hundreds of email addresses to a message detailing new affiliate policies

Finance Magnates learned on Monday that retail brokerage XTB accidentally sent out an email on Friday that contained details for hundreds of its affiliates.

The broker appears to have been attempting to send an email to its affiliates, updating them about a new company policy.

This is not an unusual thing for a broker to do.

But usually, these messages are sent via a mail merge, meaning that a user who gets the email won’t be able to see who else has received it.

In this instance, it appears as though someone at XTB accidentally copied all affiliate marketers into the email.

That meant everyone receiving the email could then see the addresses of all other affiliate marketers working for the broker.

GDPR breach

It’s unclear exactly what the fallout from such a mistake could be.

The General Data Protection Regulation (GDPR), which was introduced by the European Union last May, places stringent rules on how firms must treat data.

Breaching those rules can result in fines reaching up to four percent of a company’s annual revenue.

Beyond any potential regulatory infringements, there is also the simple damage that such a leak could do to XTB’s reputation.

Affiliates and introducing brokers (IBs), like many other internet users, may not want others to know who they are working for.

Thus, affiliates may be less inclined to work alongside the broker in the future.

Similarly, if someone now has all of that data, they could take it to another firm – one looking for affiliates – and they would have a substantial list of leads.

Finance Magnates reached out to XTB for comment on this article but, at the time of publication, the company had not responded.

UPDATE: Finance Magnates received the following comments from X-Trade Brokers:

We would like to inform, that we have reported that one of our subsidiaries dedicated solely to the marketing activity, has unintentionally disclosed email addresses of members of our affiliate program. The incident was the result of a failure of one employees [sic] exercising due diligence measures undertaken by XTB in order to keep personal data of the company in secret. We assess that processes established in XTB and its subsidiaries for the purpose of personal data protection are adequate, however they turned out to be not resistant to each possible human factor that could challenge them.

Please be informed, that X-Trade Brokers Dom Maklerski S.A. and its subsidiaries are highly devoted to maintain the highest professional standards in personal data protection and keeping any confidential information in secret.  The discussed incident clearly indicates that X-Trade Brokers DM S.A. has much room for improvement in this respect, and we hope that this incident will positively affect our organization and shall strengthen safeguards we have in place.

Best regards,

X-Trade Brokers DM S.A.
