Skip to content
News

Financial institution data from member organizations in Canada has been unlawfully accessed, potentially compromising personal information.

CIRO to Identify and Notify Individuals Whose Data Was Breached by Regulatory Organization

 and  Administrator
2 min read
Financial institution data from member organizations in Canada unlawfully accessed and compromised,...
Financial institution data from member organizations in Canada unlawfully accessed and compromised, potentially leading to exposure of personal details.

Financial institution data from member organizations in Canada has been unlawfully accessed, potentially compromising personal information.

The Canadian Investment Regulatory Organization (CIRO) has disclosed a cybersecurity incident that occurred on August 11. In response, CIRO shut down some of its systems to ensure their safety. The investigation into the incident is being conducted in collaboration with external cybersecurity and legal experts, as well as law enforcement agencies such as the Communications Security Establishment (CSE) and the Royal Canadian Mounted Police (RCMP).

CIRO, formed in 2023, sets regulatory standards for investment and trading firms and has powers to impose penalties on all covered entities for non-compliance, including fines. The regulator has the authority to impose penalties on any entity found to be non-compliant during the investigation.

Preliminary findings indicate that some personal information of member firms and their registered employees were accessed by the threat actor. However, no further details about the nature of the breached data have been shared so far. The organization emphasized that Canadians' investments are not at risk as a result of the threat.

Critical CIRO functions remain online, with the regulator's real-time equity market operations continuing as normal. The organization plans to notify individuals directly who may have been affected and provide risk mitigation services. If the investigation reveals that any investor's information was affected, CIRO will notify them and provide risk mitigation services.

In light of the incident, CIRO has warned its members to be aware of unsolicited calls or emails requesting personal or financial information purporting to be the regulator. The regulator has not yet mentioned if this warning is still in effect.

The investigation into the CIRO cybersecurity incident is ongoing to determine the full extent of the attacker's activities. CIRO is conducting an investigation to determine the extent of the attacker's activities and will continue to provide updates as more information becomes available.

Read also:

Related

Latest