Canadian Investment Regulatory Organization confirms breach of member registration information and offers two-year credit monitoring

The Canadian Investment Regulatory Organization published cybersecurity updates confirming that registration information for CIRO member firms and registered individuals was breached following a cybersecurity threat identified on 11 August 2025. CIRO reported no evidence that the information has been misused and is contacting impacted individuals, offering two years of free credit monitoring and identity theft protection services through TransUnion and Equifax. As a precaution, some CIRO systems were shut down while an investigation began, with critical functions remaining available. Real-time equity market surveillance operations continued as normal, with CIRO reporting no active threat in its systems; the investigation remains ongoing with external cybersecurity and legal experts and law enforcement. CIRO warned it will not contact people about the incident through unsolicited calls or emails requesting personal or financial information and stated it will continue to provide updates as the investigation progresses.