When was the CIRO cybersecurity incident detected?

The cybersecurity incident was detected on August 11, 2025, prompting CIRO to shut down some of its systems as a precautionary measure.

What information was compromised in the CIRO cyber incident?

CIRO reports that personal information of member firms and their registered employees was accessed during the incident. However, specific details about what types of personal information were compromised have not been disclosed.

How many people were affected by the CIRO cybersecurity incident?

The number of affected individuals has not been disclosed by CIRO. The organization has stated it will provide updates in due course as the investigation progresses.

What immediate actions did CIRO take after discovering the cyber incident?

After detecting the incident, CIRO shut down some of its systems as a precautionary measure and began an investigation into the scope and impact of the cybersecurity incident.

Who is helping CIRO investigate the cybersecurity incident?

The investigation is ongoing and CIRO is working with external cybersecurity and legal experts, as well as law enforcement agencies to determine the full scope of the incident.

Has CIRO disclosed the nature of the cyberattack?

No, the nature of the attack has not been disclosed by CIRO. The organization is still conducting its investigation and has stated it will provide updates as the investigation progresses.

Will CIRO provide updates about the cybersecurity incident?

Yes, CIRO has stated that it will provide updates in due course as the investigation progresses and more information becomes available about the scope and impact of the incident.

What type of organizations are affected by the CIRO cyber incident?

The incident affected member firms of CIRO, which include investment dealers, mutual fund dealers, and other organizations involved in trading activity on Canada's debt and equity marketplaces, along with their registered employees.

Are CIRO's regulatory functions affected by the cybersecurity incident?

While CIRO shut down some systems as a precaution, the organization has not disclosed the specific impact on its regulatory oversight functions or market operations. More details are expected as the investigation continues.

What should CIRO members do following this cybersecurity incident?

CIRO members should be vigilant about unsolicited communications claiming to be from the regulator, avoid sharing personal or financial information through unverified channels, and wait for official updates from CIRO about any actions they need to take.

Why is this CIRO cybersecurity incident particularly significant?

This incident is particularly significant because CIRO is Canada's national financial regulatory organization overseeing investment markets. A breach affecting such a critical financial infrastructure entity could have wide-reaching implications for market participants and investors across Canada.

Incident

Canada's investment regulator CIRO suffers cybersecurity incident exposing member firm and employee data

Q: What happened to the Canadian Investment Regulatory Organization (CIRO)?

The Canadian Investment Regulatory Organization (CIRO) experienced a cybersecurity incident that was detected on August 11, 2025, affecting personal information of member firms and their registered employees.

Q: What support is CIRO offering to affected individuals?

CIRO plans to provide credit monitoring and identity theft protection services free of charge to any individual determined to be at risk as a result of the cybersecurity incident.

published: Aug. 19, 2025

Learn More

The Canadian Investment Regulatory Organization (CIRO) reports a cybersecurity incident that was detected on August 11, 2025, affecting personal information of member firms and their registered employees.

CIRO is Canada's national self-regulatory organization that oversees all investment dealers, mutual fund dealers, and trading activity on the country's debt and equity marketplaces.

After detecting the incident, CIRO shut down some of its systems. Preliminary investigation ndicated that some personal information of member firms and their registered employees was affected.

CIRO reports that personal information of member firms and their registered employees was accessed, but has not disclosed more details The number of affected individuals and the nature of the attack is not disclosed. The organization has stated it will provide updates in due course as the investigation progresses.

The investigation is ongoing and CIRO is working with external cybersecurity and legal experts, and law enforcement.

The regulator plans to provide credit monitoring and identity theft protection services free of charge to any individual at risk. CIRO has warned its members to be aware of unsolicited calls or emails requesting personal or financial information claiming to be from the regulator.

Update - as of 11th of September 2025, Investment firms, financial advisers and other market registrants are getting notified that their personal information was accessed last month during a data breach at their industry regulator. The number of affected individuals is not disclosed.

Update - as of 14th of January 2026, Canada’s investment industry regulator reports the incident impacted 750,000 investors.

Canada's investment regulator CIRO suffers cybersecurity incident exposing member firm and employee data

Read More
City of Cedar Falls reports ransomware attack
Hacker claims breach of Hajj and Pilgrimage Organization, …
City of Middletown, Ohio hit by cyberattack paralyzing …
Nigerian state government leaks personal data of loan …
LA County Superior Court hit by ransomware attack …