The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors.
The organization disclosed the incident on August 18, but completed an extensive forensic investigation this year, on January 14.
CIRO is Canada’s national self-regulatory body for investment dealers, mutual fund dealers, and trading activity. It was formed in 2023 and is currently one of the core pillars of the country’s financial regulatory framework.
Last summer, CIRO announced that it identified on August 11 a cybersecurity threat on its systems and responded by shutting down certain non-critical systems while launching an investigation.
Preliminary results showed that some personal information of member firms and their registered employees had been exfiltrated, but the full scope of the incident would take more time to appreciate.
In an announcement earlier this week, CIRO informed that the incident impacted approximately 750,000 investors in the country, which corresponds to a portion of CIRO’s current and former members. The compromised data varies per individual, and may include:
Dates of birth
Phone numbers
Annual income
Social insurance numbers
... continue reading