The exchange’s head of security said there had been two incidents involving “inappropriate access” to client data, involving about 2,000 user accounts.