In August 2025, a targeted phishing campaign compromised sensitive investor information held by the Canadian Investment Regulatory Organization (CIRO), ultimately affecting approximately 750,000 Canadian investors. Following an extensive forensic investigation exceeding 9,000 hours, CIRO publicly confirmed the full extent of the breach on January 14, 2026. The incident affected a defined subset of current and former clients of CIRO dealer members and occurred within the scope of CIRO’s regulatory data holdings.
The accessed information may include personal and financial data such as dates of birth, income figures, Social Insurance Numbers, government issued identification numbers, investment account numbers, and account statements. CIRO has stated that it does not store account credentials, confirming that passwords, PINs, and similar authentication data were not exposed. CIRO’s President and CEO issued an apology and reaffirmed the organization’s commitment to strengthening cybersecurity controls and data governance across the Canadian investment ecosystem.
CIRO acted swiftly to contain the incident, secure affected systems, and engage third party cybersecurity forensics, while also notifying law enforcement and relevant privacy authorities. As a precaution, impacted individuals are being provided with two years of complimentary credit monitoring and identity theft protection. While no evidence of data misuse or dark web exposure has been identified to date, ongoing monitoring remains in place, and affected individuals have been formally notified with guidance on protective next steps.
Original article courtesy of CyberSecurityNews.com
Enhance Your Business Security with Expert Cybersecurity Solutions. Click here to learn more and download shawcsIT’s free services overview catalogue.