InfoSecBulletin Cybersecurity for mankind
Around 750,000 Canadian investors were impacted in a sophisticated phishing attack revealed in August 2025. The self-regulatory organization revealed the details of the breach on January 14, 2026, following a thorough investigation that took over 9,000 hours.
Unauthorized access was due to a phishing campaign that compromised sensitive investor data held by CIRO for its regulatory duties.
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
The affected information includes birth dates, phone numbers, income, social insurance numbers, ID numbers, investment account numbers, and account statements.
CIRO stated that the organization did not gather login credentials, including passwords, security questions, or PINs, ensuring its security during the incident.
The breach impacted certain clients and former clients of CIRO dealer members. CIRO President and CEO Andrew Kriegler apologized and affirmed the organization’s commitment to helping those affected.
Response and Mitigation Measures:
CIRO quickly dealt with the incident and secured its systems. Initial findings indicated that registration data for member firms and individuals was breached, leading to immediate alerts for those affected.
CIRO is offering affected investors two years of free credit monitoring and identity theft protection from major credit agencies. Affected investors started getting letters from CIRO on January 14, 2026, containing instructions to activate protection services.
