investor daily logo

Sydney investment firm hit by alleged data breach, impacting 400k+ customers

By David Hollingworth
2 minute read

A member of a popular clear web hacking forum has claimed they have the personal details of more than 400,000 Australian customers of a Sydney-based international investment firm.

A user by the name of “wht” posted to the forum on 18 May, sharing the details of 438,522 customers of the XM Group.

“Australian Shares Xm.com 430K,” the post said. The data is in a CSV file and the poster said they have the following information: full name, gender, email, date of birth, phone number, street name, city, AUD, assets, postcode, and website.

The post includes the full details of 11 people, with all the above information listed. For AUD, the data appears to include the value being traded – the figure listed for each person in the sample list is $5,000-plus – as well as the assets they are trading in, namely “Forex & CFD trading on stocks, indices, oil, gold by XM”.

Of the 11 emails provided in the sample data, all have been exposed in previous data breaches, particularly the 2011 Oxfam Australia breach, which saw 1.8 million emails exposed.

The full dataset is only available to users who have upgraded their membership in the hacking forum. The poster has not said how the data was acquired.

The XM Group was established in 2009 and, since then, has had more than 10 million clients and boasts traders from over 190 countries.

“XM is currently built of more than 900 professionals with long-year experience in the financial industry,” the company’s website said.

“Our extensive experience, combined with support for well over 30 languages, makes XM the broker of choice for traders of all levels, anywhere. We have the expertise and the resources to help everybody realise their investment goals, like only a big broker can.”

InvestorDaily’s sister brand Cyber Daily has reached out to the XM Group for comment.