Cyber Incident Victim: City Index

On April 14, 2020, unauthorized third parties accessed the network of financial trading and spread betting service provider City Index, potentially compromising client personal data. The breach was discovered by City Index, which promptly shut down access to the affected server and initiated a full forensic investigation to assess the intrusion's scope. The compromised data included client names, dates of birth, gender, and bank details, though the company did not publicly specify the number of affected individuals or the duration of the attackers' presence within the network. City Index's parent company, Gain Capital, confirmed the incident but declined to provide further details regarding its scale or timeline. On May 8, 2020, City Index notified impacted clients via direct communication, advising them to reset their City Index account passwords immediately and recommending password changes for any external accounts where they might have reused the same credentials. The company issued a formal apology in its notification, emphasizing its commitment to data security.

In response to the breach, City Index implemented containment measures by isolating the compromised server and conducting a forensic review to determine the attack's methodology and full impact. The Information Commissioner’s Office (ICO) confirmed receiving a breach report from Gain Capital and stated it was evaluating the provided information, while the Financial Conduct Authority (FCA) declined to comment on the specifics of the incident. City Index directed affected clients to remain vigilant against potential misuse of their exposed personal and financial information but did not disclose whether additional security enhancements were implemented beyond the password reset advisory. The incident highlighted operational risks to client data within financial trading platforms, though no further public updates regarding investigative findings or regulatory actions were disclosed following the initial notification.