Multi-regulated FX broker Pepperstone has just updated its clients about the data security breach that occurred in late July. The company said the security issue had originated from one of its third-party vendors after hackers used malware to compromise its computers and obtained access to the provider’s credentials.
Not so long after that, the team further explains, the intruders then used those credentials to gain access to Pepperstone’s internal client relationship management system (CRM). Although it managed to stop the cyber attack, the miscreant gained possession of personal information of undisclosed number of Pepperstone’s clients.
The company has provided more details of its ongoing investigation into the matter, revealing that only personal may have been impacted. The Australian broker confirmed the breach was limited to clients’ names, contact details (such as email, phone number and physical address) and date of birth.
The broker, however, said none of its trading systems, client’ accounts, passwords or bank accounts were compromised or at risk as a result of the incident.
According to an email sent to clients, Pepperstone came up with the conclusion below on the incident a couple of hours ago, addressing its clients.
“The criminals accessed a subset of our account holder data via the client relationship management system. Importantly, the criminals weren’t able to access our trading environment or our financial systems, which are segregated from our client relationship management system. This means that the criminals didn’t gain access to any trading accounts, banking details, passwords or ID documents that we hold for you. Our clients can continue to have confidence in using our trading systems safely and securely.”
Pepperstone recommends precautionary measures
Once we became aware of the issue, on July 22, the company engaged as a matter of urgency with their respective data privacy regulators and forensic experts to conduct an extensive investigation
As a precaution, however, Pepperstone told clients to enable two-factor authentication and change their passwords. And more importantly, they were asked to contact their local cybercrime agency if they believe their personal information has been compromised. Clients were also advised to consult with their banks immediately if they sent money or provided confidential banking information to any potential scammers.
At this point, Pepperstone absolved itself of any wrongdoing in the matter by somewhat directing the blame toward a third-party provider managing some of its outsourced operations. The company, however, called security its “top priority,” saying that it will remain committed to protecting its users in “all possible circumstances,” with its robust security measures.
Hot
-THE END-