StoneX, a prominent global financial services firm, has allegedly fallen victim to a cyber attack. The Breach, which the threat actor claims occurred on May 30, 2023, has exposed the sensitive information of millions of customers, raising concerns about data privacy and security.

A threat actor by the alias ‘0x3a0’ has claimed the StoneX data breach and asserted that they had infiltrated StoneX’s secure network and gained unauthorized access to a vast amount of confidential data.

The alleged breach, the hacker group claims, compromised personal and financial information, including the firm’s clients’ names, addresses, social security numbers, and account details.

The Cyber Express has reached out to the company to confirm the StoneX data breach. However, we are yet to receive an official response from the company, leaving the hacker’s claim unverified. 

What we know about the StoneX data breach 

The StoneX, formerly known as INTL FCStone Inc., is a renowned provider of financial services with a diverse client base spanning the globe. The company offers various investment options, including commodities, foreign exchange, and securities.

The threat actor behind the StoneX data breach, 0x3a0, is a new group targeting big corporations in 2023.

Earlier, MedPlus Health Services Limited, an Indian pharmacy retail chain, had allegedly fallen victim to a cyber attack claimed by the hacker collective.

Similar to the StoneX data breach, the group had asserted that they managed to extract the compromised database from a subdomain of medplusindia.com.

The contents of the database, according to the perpetrator’s post, contained highly sensitive information. This includes personally identifiable details (PII) of 17,192 users, credentials for 301 employees, web login information for 68,311 users stored in two separate data tables, and the database administrator’s credentials.

StoneX data breach and fines from two subsidiary companies

A subcommittee belonging to ICE’s Business Conduct Committee (BCC) had earlier concluded that both StoneX entities, StoneX Financial and StoneX Markets, may have violated multiple rules, including detrimental conduct towards the exchange, supervisory responsibilities, block trading, and the power to obtain testimony and documents.

Between May 2020 and May 2021, the subcommittee identified numerous instances where the two companies may have engaged in improper pre-hedging, considered detrimental conduct.

According to ICE, when SX Financial, acting as a broker, receives a customer order, it is required to fulfill the order through the proprietary trading desk of its affiliate, SX Markets.

These activities resulted in profits of $225,606.80 for both companies, which they are now obligated to disgorge.

They also needed to adequately supervise employees’ activities related to block trading and compliance with exchange rules.

Moreover, the two companies may have misreported the execution time of certain block trades, submitting them after the 15-minute reporting window had passed.

Apart from these legal implications, the StoneX data breach itself is a stark reminder of the constant dangers cybercriminals pose and the pressing need for robust security measures in today’s digital landscape.

It highlights the vulnerability of financial institutions and their customers to sophisticated cyber attacks, underscoring the urgency for strengthened cybersecurity protocols and increased vigilance across the industry.

While the StoneX data breach remains unconfirmed, customers are strongly advised to exercise caution and closely monitor their financial accounts for any suspicious activity.

It is crucial for individuals to promptly report any unauthorized transactions or signs of identity theft to the relevant authorities and take immediate steps to safeguard their personal information.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.