IG Securities, also known as IG Japan, issued an apology today (Monday) after identifying improper handling of customer “specific personal information,” including My Number identification data.

Singapore Summit: Meet the largest APAC brokers you know (and those you still don't!).

The company said two issues were identified. First, some employees within IG Group had unauthorized internal access to customer data through an internal system. The information included names, dates of birth, addresses, contact details, and My Number data. The start date of this access issue is not known.

Second, customer data was stored on an external server managed by IG Markets Limited without prior approval from IG Securities. This occurred around late January 2026. The company stated that the cloud Cloud The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc Read this Term provider itself could not access the stored data.

Contractor Oversight Failure Behind IG Japan Data Incident

In total, 162,879 customers were potentially affected by internal access, meaning their data could be viewed within the group. A separate 29,734 customers had their data stored on the external server.

• EU Regulators Advance Third-Party ICT Oversight Under DORA and Reiterate Crypto Warnings
• FCA and 16 Regulators Coordinate Action Against Finfluencers as 1,267 Illegal Ads Reach 2.3M UK Users
• Exclusive: ACCM Posts $2.1 Trillion Q1 Volume as Gold Drives 91% of CFD Activity

IG Securities said there is no evidence of any external access or data leak outside the group.

The company attributed the incident to failures in oversight of its contractor, IG Markets Limited. It cited a “misunderstanding” of the sensitivity of My Number data, insufficient access controls, and a configuration error during system development.

External Records Deleted, Sensitive Data Moved Locally

The internal access issue was resolved on February 24, 2026. External server data was deleted on March 5, 2026. By March 27, 2026, all My Number-related data had been transferred to systems located in Japan.

As part of its response, IG Securities said it will restrict data access to necessary personnel, store sensitive data domestically, strengthen contractor supervision, and remove My Number data from shared internal systems.

The company described the incident as a failure in data governance and control, adding that customer data was exposed internally due to inadequate safeguards.

Finance Magnates has reached out to IG for comment on its disclosure. As of writing, no response has been provided.