TORONTO – The Canadian Investment Regulatory Organization says about 750,000 Canadian investors may have had personal information compromised in a data breach last year.
According to CIRO, certain information like social insurance numbers, investment account numbers, phone numbers and more may have been impacted.
CIRO says that at this time, there is no evidence that the information has been misused, but it will continue to monitor for potential malicious activity.
The data breach was the result of a sophisticated phishing attack that was quickly contained, according to CIRO.
CIRO says it is reaching out to affected investors, and those affected will be sent a notification letter starting on Jan. 14.
Andrew Kriegler, CIRO’s president and CEO, says the organization is intent on doing right by those investors that have been impacted, and it remains committed to strengthening its cybersecurity practices.
CIRO is the self-regulatory organization for investment dealers, mutual fund dealers and debt and equity trading.
This report by The Canadian Press was first published Jan. 14, 2026.
