Regulator Reports Cyber Breach Impacting 750,000 Canadian Investors
A recent report from the Canadian Investment Regulatory Organization (CIRO) reveals that a staggering 750,000 Canadian investors have been affected by a “sophisticated phishing attack.” This update sheds light on the repercussions of a significant data breach that was initially disclosed in August.
The compromised information may include sensitive details such as dates of birth, phone numbers, income, social insurance numbers, government ID numbers, investment account numbers, and account statements. CIRO provided this information in a statement on Wednesday, following extensive investigations that involved thousands of hours of collaboration with external experts.
On Wednesday, CIRO began notifying the affected investors and is offering them two years of credit monitoring and identity theft protection through major credit agencies. While the organization has not yet found evidence of misuse of the exposed information, it continues to monitor potential threats and any exposure on the dark web.
In August, CIRO had announced that a preliminary investigation indicated that registration information for member firms and registered individuals had been compromised. The latest update from CIRO elaborates on the full scope of the incident, providing a clearer picture of the breach’s impact.
Photograph: A young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021, in Berlin, Germany. (Photo by Sean Gallup/Getty Images)
Copyright 2026 Bloomberg.
Was this article valuable?
Here are more articles you may enjoy.
Interested in Cyber?
Get automatic alerts for this topic.
A recent report from the Canadian Investment Regulatory Organization (CIRO) reveals that a staggering 750,000 Canadian investors have been affected by a “sophisticated phishing attack.” This update sheds light on the repercussions of a significant data breach that was initially disclosed in August.
The compromised information may include sensitive details such as dates of birth, phone numbers, income, social insurance numbers, government ID numbers, investment account numbers, and account statements. CIRO provided this information in a statement on Wednesday, following extensive investigations that involved thousands of hours of collaboration with external experts.
On Wednesday, CIRO began notifying the affected investors and is offering them two years of credit monitoring and identity theft protection through major credit agencies. While the organization has not yet found evidence of misuse of the exposed information, it continues to monitor potential threats and any exposure on the dark web.
In August, CIRO had announced that a preliminary investigation indicated that registration information for member firms and registered individuals had been compromised. The latest update from CIRO elaborates on the full scope of the incident, providing a clearer picture of the breach’s impact.
Photograph: A young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021, in Berlin, Germany. (Photo by Sean Gallup/Getty Images)
Copyright 2026 Bloomberg.
Was this article valuable?
Here are more articles you may enjoy.
Interested in Cyber?
Get automatic alerts for this topic.
