City Index Reports Intrusion and Potential Data Breach

Financial trading and spread betting service provider City Index has informed users of a breach of their personal data, including names, dates of birth, gender and bank details.

In a notification sent to users on May 8, City Index said that its network “was accessed by an unauthorized third party and client personal data may have been viewed.” Upon discovering the incident, it said it “shut down access to the server concerned and launched a full forensic investigation.” The incident took place on April 14.

In an immediate response to the incident, City Index sent an advisory to affected clients suggesting that they reset their City Index passwords and consider also resetting the password if it is used for other accounts the client may have elsewhere.

“We sincerely apologize for this incident and wish to assure you of our continued commitment to your data security,” it said in the statement.

City Index’s parent company Gain Capital declined to comment on how many people had been affected by the breach, or how long attackers had been inside the network for.

In an email to Infosecurity, a spokesperson for the Information Commissioner’s Office, said: “We have received a report from Gain Capital of an incident and are assessing the information provided.” The Financial Conduct Authority told Infosecurity that it was unable to comment on individual firms.

What’s Hot on Infosecurity Magazine?