Forex broker Pepperstone Pepperstone, which is based in Australia, informed its clients of a security breach that occurred just over a week ago. Pepperstone said the security issue arose from one of its third-party suppliers after a group of hackers used malware to hack computers and gained access to the provider's credentials to gain some access to Pepperstone's internal customer relationship management (CRM) system. And although the broker succeeded in stopping the cyber attack, the hackers obtained some personal information from a subset of Pepperstone's customers.
Pepperstone hack details
The company provided more details about its ongoing investigation into the matter, and disclosed what types of personal data may have been affected. The broker confirmed that the breach included customer names, contact details (such as email, phone number, and physical address) and date of birth. None of the trading systems, customer accounts, identity documents, passwords or bank accounts were hacked.
Pepperstone notified affected individuals immediately. Pepperstone Group Limited spokesperson said the following
We have conducted a forensic investigation into a malware attack on July 22 that compromised a computer system used by a third-party service provider. And before the attack was halted, the hackers were able to get hold of some personal information of some of our account holders. We believe the information has been shared with third parties, who have made unsolicited communications with Pepperstone account holders. It is important to note that no trading accounts, passwords or bank account information have been hacked. Our investigation confirmed that the information was limited to customer names, some contact details, and some personal details. We immediately notified affected individuals, and provided information and recommendations to help ensure their ongoing security. We are deeply concerned by this incident and will continue to do everything in our power to ensure that our customers continue to trade safely.”
Steps to ensure the safety of your Pepperstone account
Once Pepperstone became aware of the issue, on July 22, the company urgently engaged relevant data privacy regulators and independent outside forensic experts to conduct an extensive investigation as a precaution, however, Pepperstone asked customers to enable two-factor authentication and change their passwords. Most importantly, they were asked to contact their local cybercrime agency if they believed their personal information had been compromised.