Some Topstep Users’ Names and Social Security Numbers Exposed

Topstep, a US-based futures prop trading firm, has informed “some users” that their personal information, including name and Social Security number, may have been leaked during a cyberattack last September.

DDoS Attack Exposed Users’ Data?

A letter sent to affected Topstep customers pointed out that the data compromise was linked to a distributed denial-of-service (DDoS) attack that the prop platform experienced on 8 September 2025.

The prop firm, in the letter, mentioned that after “an extensive internal review”, on 3 December last year, it discovered that between 8 September 2025 and 16 October 2025, “certain files” containing users’ “personally identifiable information may have been subject to unauthorised access or acquisition.”

🚨Breaking: @Topstep notifies customers that between September 8th and October 16th their personal information may have been subject to unauthorized access. pic.twitter.com/3yYLfn7YsB

— Jmu (@jmutrades) January 3, 2026

However, Topstep’s support team later took a U-turn and blamed the information breach on non-Topstep sites.

“This did NOT involve a breach of Topstep systems,” the prop firm highlighted in an X post. “It involved a small number of traders linked to reusing their passwords from non-Topstep sites that were exposed to data breaches.”

Some traders may have received a notice about a recent cybersecurity incident. This did NOT involve a breach of Topstep systems. It involved a small number of traders linked to reusing their passwords from non-Topstep sites that were exposed to data breaches.

Protecting your…

— Topstep Support (@AskTopstep) January 4, 2026

According to the letter circulating on social media, Topstep is providing access to credit monitoring services to affected customers free of charge.

• Topstep Faces Prop Traders' Wrath due to Repeated Outages, CEO Sets January Deadline for a Fix
• Prop Firm FundingTicks Faces Massive Backlash after “Retroactive Rule Change”
• Retail Trading & Prop Firms in 2025: Five Defining Trends - And One Prediction for 2026

DDoS attacks are a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target infrastructure with a flood of internet traffic.

Many brokers and prop firms have become targets of such cyberattacks in recent years. FinanceMagnates.com earlier reported that E8 Markets and Founding Pips were among the victims of DDoS attacks.

Read more: How to Survive a DDoS Attack (and Save Millions)

Popular, but Controversial

Topstep is one of the leading futures prop platforms in the US. It was founded and is run by Michael Patak. It has also onboarded London-listed Plus500, a contracts for differences (CFD) broker, as its technology provider.

Recently, the prop platform faced backlash on social media due to repeated outages and issues on its only trading platform. Some traders said they were unable to open or close positions, while others claimed their accounts were blown up because of the outages. One trader said that Topstep did not always acknowledge the outages.

Topstep offers trading on only one platform, TopstepX, which is a rebranded version of ProjectX. Although many claim a link between Topstep and ProjectX, neither company has officially confirmed it.

Patak, the CEO of the prop trading platform, also acknowledged the outages and stated that “in January, we will be making things right.”