TORONTO, Jan. 14, 2026 /CNW/ – The Canadian Investment Regulatory Organization (CIRO) confirms that as a result of a sophisticated phishing attack, first disclosed in August 2025, approximately 750,000 Canadian investors have been impacted.
We deeply regret this occurred and apologize for any inconvenience or concern.
CIRO is reaching out to affected investors to alert them of the incident and offering credit monitoring as an added precaution.
“We are intent on doing right by those who are personally affected,” said Andrew Kriegler President and Chief Executive Officer of CIRO. “We take our public interest role very seriously. Matters of privacy and security are extremely important to us, as are our guiding organizational values of transparency and accountability. That’s why we remain committed to further strengthening our own cybersecurity defences and data security practices and supporting the ongoing efforts of the broader investment industry.”
The following information may have been impacted: dates of birth, phone numbers, annual income, social insurance numbers, government issued ID numbers, investment account numbers and account statements. CIRO does not collect account login detail, such as passwords, security questions and PINs and therefore that information was not at risk.
CIRO received this information in the normal course of carrying out its regulatory mandate to protect investors from improper investment conduct and practices, and through its investigative, compliance assessment and market regulation work.
Protecting Canadian Investors
CIRO quickly contained the incident and took immediate steps to secure our systems and protect the information in our care. We notified law enforcement and all relevant authorities, including privacy commissioners. A leading third-party forensic IT investigator was retained to determine what information was impacted.
CIRO launched a thorough investigation with the support of external cybersecurity experts. Our preliminary investigation revealed that registration information for member firms and registered individuals had been affected. We immediately shared those findings publicly and directly with our members and impacted registrants. At that time, we noted the investigation was ongoing, and we committed to sharing the final findings of the e-discovery process once the review was complete. After more than 9,000 hours of examination, we can now confirm the full extent of the incident.
There is currently no evidence that the information has been misused. We continue to monitor for malicious activity and have not identified any threat activity or exposure on the dark web.
As a precaution and in order to help detect possible misuse of information, CIRO is providing affected investors two-years of credit monitoring and identity theft protection with both of the major credit agencies. Step by step instructions detailing how to activate protection services will be communicated to those impacted, directly.
Additional Information
Only some clients or former clients of CIRO dealer members were impacted by the cybersecurity breach. Clients impacted by the cyber incident will be sent a notification letter by CIRO starting on January 14, 2026. If you did not receive a notification letter from CIRO but want to confirm whether you were impacted and should have received a notification letter, you can request this information from CIRO in writing using the contact form available in the cyber incident section of CIRO’s website (ciro.ca).
About CIRO
The Canadian Investment Regulatory Organization (CIRO) is the pan-Canadian self-regulatory organization that oversees all investment dealers, mutual fund dealers and trading activity on Canada’s debt and equity marketplaces. CIRO is committed to the protection of investors, providing efficient and consistent regulation, and building Canadians’ trust in financial regulation and the people managing their investments. For more information, visit www.ciro.ca.
SOURCE Canadian Investment Regulatory Organization (CIRO)
