Status: Complete
Gain Capital UK have been issued a Reprimand in respect of Articles 32 (2) and 32 (1) (b). An unauthorised third party leveraged an unpatched software vulnerability to access Gain Capital’s systems and exfiltrate personal data relating to 72,361 UK Data Subjects. Gain Capital had a support contract in place with a third party whom they believed were responsible for notifying Gain Capital about software security updates, however the contract stipulated that upgrades were Gain Capital’s responsibility.