IG Securities, also
known as IG Japan, issued an apology today (Monday) after identifying improper
handling of customer “specific personal information,” including My Number
identification data.
Singapore
Summit: Meet the largest APAC brokers you know (and those you still don't!).
The company said two
issues were identified. First, some employees within IG Group had unauthorized
internal access to customer data through an internal system. The information
included names, dates of birth, addresses, contact details, and My Number data.
The start date of this access issue is not known.
Second, customer data
was stored on an external server managed by IG Markets Limited without prior
approval from IG Securities. This occurred around late January 2026. The
company stated that the cloud
Cloud
The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc
The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc
Read this Term provider itself could not access the stored data.
Contractor
Oversight Failure Behind IG Japan Data Incident
In total, 162,879
customers were potentially affected by internal access, meaning their data
could be viewed within the group. A separate 29,734 customers had their data
stored on the external server.
IG Securities said
there is no evidence of any external access or data leak outside the group.
The company attributed
the incident to failures in oversight of its contractor, IG Markets Limited. It
cited a “misunderstanding” of the sensitivity of My Number data, insufficient
access controls, and a configuration error during system development.
External Records
Deleted, Sensitive Data Moved Locally
The internal access
issue was resolved on February 24, 2026. External server data was deleted on
March 5, 2026. By March 27, 2026, all My Number-related data had been
transferred to systems located in Japan.
As part of its
response, IG Securities said it will restrict data access to necessary
personnel, store sensitive data domestically, strengthen contractor
supervision, and remove My Number data from shared internal systems.
The company described
the incident as a failure in data governance and control, adding that customer
data was exposed internally due to inadequate safeguards.
Finance Magnates has
reached out to IG for comment on its disclosure. As of writing, no response has
been provided.
IG Securities, also
known as IG Japan, issued an apology today (Monday) after identifying improper
handling of customer “specific personal information,” including My Number
identification data.
Singapore
Summit: Meet the largest APAC brokers you know (and those you still don't!).
The company said two
issues were identified. First, some employees within IG Group had unauthorized
internal access to customer data through an internal system. The information
included names, dates of birth, addresses, contact details, and My Number data.
The start date of this access issue is not known.
Second, customer data
was stored on an external server managed by IG Markets Limited without prior
approval from IG Securities. This occurred around late January 2026. The
company stated that the cloud
Cloud
The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc
The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc
Read this Term provider itself could not access the stored data.
Contractor
Oversight Failure Behind IG Japan Data Incident
In total, 162,879
customers were potentially affected by internal access, meaning their data
could be viewed within the group. A separate 29,734 customers had their data
stored on the external server.
IG Securities said
there is no evidence of any external access or data leak outside the group.
The company attributed
the incident to failures in oversight of its contractor, IG Markets Limited. It
cited a “misunderstanding” of the sensitivity of My Number data, insufficient
access controls, and a configuration error during system development.
External Records
Deleted, Sensitive Data Moved Locally
The internal access
issue was resolved on February 24, 2026. External server data was deleted on
March 5, 2026. By March 27, 2026, all My Number-related data had been
transferred to systems located in Japan.
As part of its
response, IG Securities said it will restrict data access to necessary
personnel, store sensitive data domestically, strengthen contractor
supervision, and remove My Number data from shared internal systems.
The company described
the incident as a failure in data governance and control, adding that customer
data was exposed internally due to inadequate safeguards.
Finance Magnates has
reached out to IG for comment on its disclosure. As of writing, no response has
been provided.
