Canadian investment regulator confirms hackers hit 750,000 investors
The Canadian Investment Regulatory Organization (CIRO) confirmed on Friday that approximately 750,000 investors were impacted by a cyber incident last year.
The self-regulatory organization, which is independent of the Canadian government, oversees all investment and mutual fund dealers in the country, alongside trading activity on Canada’s debt and equity marketplaces.
It said it could confirm the scale of a data breach following “a sophisticated phishing attack” that was detected in August.
After what it described as “more than 9,000 hours” of forensic examination by a “leading third-party forensic IT investigator,” CIRO said it was reaching out to affected clients to confirm that the perpetrators may have compromised a wide range of personal information, although login credentials were not at risk.
“The following information may have been impacted: dates of birth, phone numbers, annual income, social insurance numbers, government issued ID numbers, investment account numbers and account statements,” stated CIRO.
The organization said it deeply regretted that the incident occurred and apologized “for any inconvenience or concern.”
“There is currently no evidence that the information has been misused. We continue to monitor for malicious activity and have not identified any threat activity or exposure on the dark web,” the agency stated.
Affected investors are being offered two years of credit monitoring and identity theft protection “with both of the major credit agencies.”
Chief executive Andrew Kriegler said: “We are intent on doing right by those who are personally affected. We take our public interest role very seriously. Matters of privacy and security are extremely important to us, as are our guiding organizational values of transparency and accountability.
“That’s why we remain committed to further strengthening our own cybersecurity defences and data security practices and supporting the ongoing efforts of the broader investment industry.”
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.