IG Securities, the Japanese subsidiary of electronic trading major IG Group, today issued a public apology regarding improper handling of personal information.

IG Securities has discovered an error in the handling of specific personal information at IG Markets Limited (IGM), a subsidiary of IG Group Holdings, which is an external contractor of IG Securities.

At this time, the brokerage has not confirmed that any customers’ specific personal information has been leaked outside IG Group.

The company has reported this matter to the Kanto Local Finance Bureau, the Ministry of Agriculture, Forestry and Fisheries, the Ministry of Economy, Trade and Industry, the Japan Securities Dealers Association, the Financial Futures Association of Japan, the Japan Commodity Futures Association, and the Personal Information Protection Commission.

Some IG Group employees, to whom IG Securities has not outsourced the input and storage of specific personal information, were able to display and view customers’ specific personal information electronically, beyond the scope necessary for their work.

Customers’ specific personal information was stored on an external server managed by a cloud service provider used by IGM without IG Securities’ prior consent. However, employees of the cloud service provider did not have the right to view the customers’ specific personal information data and could not access it through the system.

After confirming this matter, IG Securities promptly instructed IGM to modify the system and delete the specific personal information data from the external server managed by the cloud service provider. The specific personal information data stored on an external server managed by the cloud service provider was deleted on March 5, 2026.

Due to incident ①, the number of specific personal information entries (name, date of birth, gender, address, telephone number, email address, and My Number) that were accessible and viewable in specific information systems within the IG Group was 162,879. This matches the number of customers who provided their My Number to the company between now and February 24, 2026, when IGM’s system modifications were completed. As a result of the events described in ②, 29,734 pieces of specific personal information (name, date of birth, gender, address, telephone number, email address, and My Number) were stored on external servers managed by the cloud service provider.

The root cause of this incident is IG Securities’ insufficient management and supervision of its contractor, IGM.

Going forward, the My Number (Social Security Number) of customers applying to open an account with IG Securities will be temporarily stored in IGM’s data area located overseas during the account opening review period. However, after the account opening is completed, it will be transferred to IG Securities data area in Japan, where it will be strictly stored and managed under its control.

The full statement by IG Japan can be read here.