In a note sent to clients OANDA states that:
“OANDA is writing to inform you of an incident affecting our client database that occurred between July 14 and 17, 2012. Specifically, on the evening of July 17, 2012, OANDA discovered that one of our employee usernames and passwords was hacked and used in an unauthorized manner that allowed an intruder to view the personal information of a limited number of accountholders in our customer database. Based on our investigation, we believe that this incident may have affected the security of some of the information associated with your OANDA fxTrade account. This information may include (if you provided such information to OANDA) your name, telephone number, address, e-mail address, date of birth, citizenship, employment information, net worth, account numbers and balance, social security number/tax identification number, passport or drivers license number, and financial account information, including the bank account number used to fund your fxTrade account and security question and answer associated with your fxTrade account. Copies of documents sent to OANDA, such as address confirmation or identification documentation, were NOT accessed.
Upon learning of this incident, OANDA promptly disabled the affected username to prevent further unauthorized access to our database. OANDA has also taken additional measures to increase security of our client database and has hired an external firm to audit these changes. Additionally, OANDA has notified the authorities of this incident and will assist with their investigation.”
Apparently only about 100-150 clients were affected (considering that OANDA has about 50-75,000 accounts, live and inactive, worldwide):
“OANDA has identified and immediately rectified a breach involving unauthorized access to our client database that affected 0.2% of our total user population. We were the victim of a targeted hacking attack of an employee’s laptop and are working closely with authorities to identify the perpetrator.
We are in the process of notifying all affected customers and our customer service team is working directly with these clients to assist them. OANDA has also implemented additional security protocols to prevent such a breach from occurring again.
If you have any questions or concerns, please contact our customer service team by phone at 1 877-626-3239 or by email to firstname.lastname@example.org.
Tony Savor, CTO
It’s not the best scenario but it seems there was no real damage done and OANDA were transparent enough not to cover this up. Laptops of employees however would probably never leave OANDA’s offices again.