Back

IG Japan Enforces Mandatory 2FA to Combat Phishing Surge

Severity: Medium (Score: 54.8)

Sources: Cryptorank, coinedition.com, www.financemagnates.com

Published: 2026-05-30 · Updated: 2026-05-30

Keywords: japan, phishing, attacks, rolls, mandatory, amid, surging

Summary

IG Securities, a Japanese subsidiary of IG Group, has mandated two-factor authentication (2FA) for all clients by June 2026 due to a rise in phishing attacks. Clients who do not enable 2FA will be locked out of their accounts. This decision follows recent incidents of mishandled client data, affecting over 162,000 clients, which has raised concerns about account security. The firm advises clients to complete the 2FA setup using authentication apps like Google Authenticator. The implementation is expected to increase security for crypto and CFD customers, while the company also suspended new vanilla options trades for retail clients. Support teams may experience a surge in requests as the deadline approaches. Key Points: • IG Securities mandates 2FA for all clients by June 2026 to enhance security. • Clients who do not enable 2FA will be locked out of their accounts. • The firm recently mishandled client data affecting over 162,000 individuals.

Detailed Analysis

**Impact** IG Securities’ entire client base in Japan is affected by the mandatory 2FA enforcement, with 162,879 clients impacted by a prior data breach exposing names, dates of birth, addresses, and My Number identification details. An additional 29,734 customer records were improperly stored on an external server without approval. The firm has suspended new vanilla options trades for retail clients, potentially affecting individual investors, while continuing services for corporate clients. The phishing surge targeted account credentials, increasing risk to crypto and CFD customers in the Japanese financial sector. **Technical Details** The primary attack vector involves phishing campaigns aimed at compromising client login credentials. No specific malware, CVEs, or infrastructure details were disclosed. The enforcement of 2FA replaces an optional setup, requiring users to install authentication apps like Google Authenticator or Microsoft Authenticator. The data breaches resulted from unauthorized employee access and contractor oversight, indicating insider threat and mismanagement of data storage. No IOCs were provided. **Recommended Response** Enforce mandatory 2FA for all user accounts to mitigate credential theft via phishing. Monitor for unusual login attempts and access patterns indicative of compromised credentials. Review and restrict internal access controls to prevent unauthorized employee data access. Audit third-party and contractor data handling practices to ensure compliance with data storage policies. No specific patches or malware detections were mentioned; focus on user authentication hardening and phishing awareness training.

Source articles (3)

  • IG Japan Rolls Out Mandatory 2FA Amid Surging Phishing Attacks — Cryptorank · 2026-05-29
    IG Securities (IG Japan) is mandating two-factor authentication for all clients by June after uncovering issues involving specific personal information and a surge in phishing attacks. The enforced 2F…
  • IG Japan Rolls Out Mandatory 2FA Amid Surging Phishing Attacks — coinedition.com · 2026-05-30
    IG Securities, a Japanese subsidiary of IG Group, a leading London-headquartered financial technology company, has begun mandating that all its clients enable two-factor authentication (2FA) by June.…
  • Cfd Brokers Confront Phishing Surge As Ig Japan Makes 2fa Compulsory — www.financemagnates.com · 2026-05-30

Timeline

  • 2026-05-29 — IG Japan announces mandatory 2FA: IG Securities requires all clients to enable 2FA by June to combat phishing attacks and enhance account security.
  • 2026-05-30 — 2FA implementation deadline approaches: Clients are urged to complete the 2FA setup to avoid being locked out of their accounts as the deadline nears.
  • Date unkno — Client data mishandling incidents revealed: IG Japan disclosed issues involving unauthorized access to client data affecting 162,879 clients, including sensitive personal information.

Related entities

  • Phishing (Attack Type)
  • IG Group (Company)
  • IG Japan (Company)
  • IG Markets Limited (Company)
  • IG Securities (Company)
  • Japan (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed