CIRO Data Breach Exposes Personal Information of 750,000 Individuals
The Canadian Investment Regulatory Organization (CIRO) disclosed a data breach on August 18, 2025, revealing that hackers accessed the personal information of approximately 750,000 individuals in an August cyberattack. The breach stemmed from a sophisticated phishing incident, which led to temporary system shutdowns, though CIRO confirmed its critical regulatory functions remained unaffected.
According to CIRO, the compromised data includes sensitive details such as annual income, dates of birth, government-issued ID numbers, phone numbers, investment account numbers, social insurance numbers, and account statements information collected during routine regulatory and compliance activities. The organization clarified that passwords, PINs, and security questions were not exposed, as CIRO does not store such data.
While CIRO reported no evidence of data misuse or dark web exposure, it continues to monitor for malicious activity. Impacted individuals clients and former clients of CIRO dealer members are being notified and offered two years of free credit monitoring and identity theft protection services. An FAQ page has also been published to provide further details.
CIRO, a pan-Canadian self-regulatory body overseeing investment and mutual fund dealers, stated that the incident is contained with no active threat remaining in its environment. The breach follows a series of recent cybersecurity incidents affecting financial and healthcare sectors globally.
Source: https://www.securityweek.com/750000-impacted-by-data-breach-at-canadian-investment-watchdog/
CIRO / OCRI cybersecurity rating report: https://www.rankiteo.com/company/ciro-canadian-investment-regulatory-organization
"id": "CIR1768585990",
"linkid": "ciro-canadian-investment-regulatory-organization",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '750,000',
'industry': 'Financial Services',
'location': 'Canada',
'name': 'Canadian Investment Regulatory Organization '
'(CIRO)',
'type': 'Regulatory Body'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Impacted individuals offered two years of free credit '
'monitoring and identity theft protection services',
'data_breach': {'data_exfiltration': 'No evidence of data misuse or dark web '
'exposure',
'number_of_records_exposed': '750,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Annual income',
'Dates of birth',
'Government-issued ID numbers',
'Phone numbers',
'Investment account numbers',
'Social insurance numbers',
'Account statements']},
'date_detected': '2025-08',
'date_publicly_disclosed': '2025-08-18',
'description': 'The Canadian Investment Regulatory Organization (CIRO) '
'disclosed a data breach on August 18, 2025, revealing that '
'hackers accessed the personal information of approximately '
'750,000 individuals in an August cyberattack. The breach '
'stemmed from a sophisticated phishing incident, which led to '
'temporary system shutdowns, though CIRO confirmed its '
'critical regulatory functions remained unaffected.',
'impact': {'data_compromised': 'Personal information of 750,000 individuals',
'identity_theft_risk': 'High',
'operational_impact': 'Critical regulatory functions remained '
'unaffected',
'systems_affected': 'Temporary system shutdowns'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2025-08-18', 'source': 'CIRO Disclosure'}],
'response': {'communication_strategy': 'FAQ page published, impacted '
'individuals notified',
'containment_measures': 'Incident contained with no active '
'threat remaining in its environment',
'enhanced_monitoring': 'Monitoring for malicious activity'},
'title': 'CIRO Data Breach Exposes Personal Information of 750,000 '
'Individuals',
'type': 'Data Breach'}