By rssfeeds-admin 
The confirmation comes after nine months of forensic investigation and over 9,000 hours of examination by third-party cybersecurity experts and forensic investigators.
The breach exposed sensitive personal and financial information, including dates of birth, phone numbers, annual income, social insurance numbers, government-issued ID numbers, investment account numbers, and account statements.
CIRO emphasized that authentication credentials such as passwords, security questions, and personal identification numbers (PINs) were not compromised, as the organization does not collect or store such information in its systems.
CIRO stated that it quickly contained the incident and implemented immediate security measures to secure its systems.
The organization notified law enforcement, privacy commissioners, and all relevant regulatory authorities upon discovering the breach.
A leading third-party forensic IT investigator was retained to determine the scope and nature of compromised data.
The preliminary investigation revealed that registration information for member firms and registered individuals had been compromised.
CIRO disclosed these findings publicly and directly notified affected members and registrants, and committed to sharing the final results once the e-discovery process concluded.
Protective Measures and Monitoring
Currently, there is no evidence that the exposed information has been misused. CIRO continues active monitoring for malicious activity and has not identified any threat indicators or data exposure on the dark web.
As a precautionary measure, the organization is providing affected Canadian investors with two years of complimentary credit monitoring and identity theft protection services through major credit agencies.
Affected individuals will receive detailed instructions for activating protection services directly from CIRO. The organization began notification communications on January 14, 2026.
Only some clients and former clients of CIRO dealer members were affected by the cybersecurity incident.
Individuals who did not receive a notification letter but wish to confirm their impact status can request verification through CIRO’s website by submitting a written inquiry using the contact form in the cyber incident section.
Andrew Kriegler, CIRO’s President and Chief Executive Officer, stated: “We are intent on doing right by those who are personally affected.
Matters of privacy and security are extremely important to us, as are our guiding organizational values of transparency and accountability.”
CIRO remains committed to strengthening its cybersecurity defenses and supporting the broader investment industry’s security efforts. Additional information regarding the incident is available on CIRO’s official website.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post CIRO Confirms Data Breach Impacting 750,000 Canadian Investors appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.