Cyber incident at Tradersplace
The securities institute Tradersplace is currently investigating a "cybercrime attack". Some sensitive data may have escaped.
(Image: Muhrfotografi/Shutterstock.com)
There has been a “cybercrime incident” at the securities institution Tradersplace.de, as the company confirmed to heise online. Affected customers are apparently being informed by email with a PDF attachment.
In the letter to customers of the trading platform for various cryptocurrencies and assets or ETFs, among other things, the company explains that “user number, first name, surname, contact and address data as well as securities account value as of November/December 2023” may have fallen into unauthorized hands. According to the PDF, the company has taken “security measures to prevent unauthorized access to accounts/custody accounts and asset transfers”. Furthermore, “intensive internal checks have not yet revealed any indications of misuse of the data”.
Unauthorized access ended in June
“The unauthorized access was successfully terminated on 19.06.2025 and the incident has already been reported to the data protection authority,” adds Tradersplace. When asked by heise online, CEO Ernst Huber replied that Tradersplace is currently “unable to publish any details about the incident in order not to jeopardize the internal and official investigations that are currently in full swing.” There is a possibility that unauthorized third parties could have gained access to several internal static evaluations containing personal customer data. “At no time were the core and customer systems, which are completely separate from the affected area, at risk,” Huber concludes the statement.
Videos by heise
The customer emails with PDF attachments are therefore to be classified as genuine; there was an IT incident of previously unknown proportions. Tradersplace recommends that customers “exercise increased caution when receiving emails and other forms of contact, especially if they contain unusual content, for example if you are asked to disclose access or account/deposit data, change access data or account/deposit data or make payments”. Tradersplace asks anyone who receives such emails to report them, as this could help to clarify the “cybercrime attack”.
Such incidents in the financial sector are particularly explosive. When asked, the German Federal Financial Supervisory Authority (BaFin) confirmed that Traders Place GmbH & Co KGaA was under its supervision, but that it could not provide any further information as it was subject to a duty of confidentiality. According to BaFin, almost all supervised institutions and companies in the European financial sector are subject to DORA, the European regulation on digital operational resilience in the financial sector. DORA obliges institutions to report serious ICT-related incidents.
Last week, an IT incident at Center Parcs came to light. It is alleged that some personal data was disclosed to people who booked their vacation there.
(dmk)
