In the aftermath of the CIRO breach, which exposed personal information of registrants past and present, financial advisors are also undergoing a process — of ongoing credit monitoring and guarding against identity theft.
Advisors are hardly alone, however. The proportion of Canadians age 15 and older experiencing cybersecurity incidents — from unsolicited spam to fraudulent payment card use — increased to 70% in 2022 from 58% in 2020, according to the Canadian internet use survey sponsored by Innovation, Science and Economic Development Canada.
In 2021, the Canadian Anti-Fraud Centre issued a warning about increased identity-fraud reporting: “Fraudsters are using personal information about Canadians to apply for government benefits, credit cards, bank accounts, cell phone accounts or even take over social media and email accounts,” the centre says on its website. “It is important that Canadians take steps to secure their personal and financial information and know what to do when identity fraud occurs.”
What individuals should do after a data breach Harden accounts: change all passwords, enable multi-factor authentication Protect your financial identity: use credit monitoring, add fraud alerts, freeze credit files (for those in Quebec) Monitor for long-tail fraud (of particular importance when passwords or personally identifiable information has been exposed, such as email, bank account number or passport number). Identity theft often occurs 12–36 months after a breach: u
CIRO / OCRI cybersecurity rating report: https://www.rankiteo.com/company/ciro-canadian-investment-regulatory-organization
"id": "CIR1764843213",
"linkid": "ciro-canadian-investment-regulatory-organization",
"type": "Breach",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Registrants past '
'and present, '
'financial advisors',
'industry': 'Financial Services',
'location': 'Canada',
'name': 'CIRO',
'size': None,
'type': 'Financial Regulatory '
'Organization'}],
'customer_advisories': 'Advisories on securing personal and '
'financial information, monitoring for '
'identity fraud, and steps to take '
'post-breach.',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal '
'information'},
'description': 'The CIRO breach exposed personal information of '
'registrants past and present, leading to ongoing '
'credit monitoring and identity theft risks for '
'financial advisors and affected individuals.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'lessons_learned': 'Importance of securing personal and '
'financial information, monitoring for '
'long-tail fraud, and taking proactive '
'measures like credit monitoring and fraud '
'alerts.',
'motivation': 'Identity Fraud',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': ['Harden accounts: change all passwords, '
'enable multi-factor authentication',
'Protect financial identity: use credit '
'monitoring, add fraud alerts, freeze credit '
'files',
'Monitor for long-tail fraud, especially '
'when PII is exposed'],
'references': [{'date_accessed': None,
'source': 'Canadian Anti-Fraud Centre',
'url': None},
{'date_accessed': None,
'source': 'Innovation, Science and Economic '
'Development Canada (Canadian Internet '
'Use Survey)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'CIRO Breach',
'type': 'Data Breach'}