A Canadian financial regulator has disclosed a cybersecurity incident in which the personal information of member firms and their employees was breached.
The Canadian Investment Regulatory Organization (CIRO), a national self-regulatory organization covering all investment dealers, mutual fund dealers and trading activity on Canada’s debt and equity marketplaces, revealed it identified the cybersecurity threat on August 11.
In response, the regulator shut down some of its systems to ensure their safety before launching an investigation to determine the extent of the attacker’s activities.
Preliminary findings have indicated that some personal information of member firms and their registered employees was accessed by the threat actor.
“Given the high standard of security that CIRO expects of both itself and its members, we are deeply concerned about this and know our members will be too. Our priority is to actively investigate which individual registrants may have been affected and once determined, to notify those individuals directly and provide risk mitigation services,” CIRO wrote in an August 18 press release.
No further details about the nature of the breached data have been shared so far, with CIRO promising to provide updates in due course.
CIRO warned its members to be aware of unsolicited calls or emails that purport to come from the regulator and request personal or financial information.
Investments Not At Risk
The organization emphasized that Canadians’ investments are not at risk as a result of the threat.
“If the investigation reveals that any investor’s information was affected, CIRO will notify them and provide risk mitigation services,” the regulator added.
The investigation is being conducted in collaboration with external cybersecurity and legal experts and law enforcement.
Critical CIRO functions remain online, with the regulator’s real-time equity market operations continuing as normal.
CIRO was formed in 2023 and sets regulatory standards for investment and trading firms. It has powers to impose penalties on all covered entities for non-compliance, including fines.