
The Canadian Investment Regulatory Organization (CIRO) revealed that a phishing attack compromised the organization and led to hundreds of thousands of investors losing their personal details, including income and account statements.
Canada’s core investment regulatory institution, CIRO, is the latest poster child for the devastating impact of phishing attacks. The organization, formed in 2023, revealed that a “sophisticated phishing attack” impacted 750,000 Canadian investors.
The attack, first spotted in August 2025, exposed a large volume of sensitive investor data. According to a breach notice by CIRO, attackers may have accessed:
- Dates of birth
- Phone numbers
- Annual income
- Social insurance numbers
- Government-issued ID numbers
- Investment account numbers
- Account statements
Malicious actors could use the stolen data for various purposes, the most obvious being identity theft. Combining stolen social insurance numbers with synthetic identities would also let attackers open fraudulent accounts.
Moreover, there’s enough exposed data for attackers to set up intricate phishing attacks. In these cases, cybercrooks craft malicious emails that, because of the leaked data, include accurate victim details, fostering the illusion that the email is legitimate.
Since the data included annual income information and account statements, attackers could prioritize the wealthiest individuals, where a single successful hit would be most profitable.
Additionally, attackers could combine government ID numbers with financial data for tax fraud or fraudulent credit applications, which could be a major headache for victims.
Meanwhile, CIRO noted that, because the organization does not collect account login details, that type of data could not have been exposed in the attack. It also said it will provide impacted investors with two years of complimentary credit monitoring services.
“We are intent on doing right by those who are personally affected,” said Andrew Kriegler, President and Chief Executive Officer of CIRO.
The organization did not specify what prompted it to dub the phishing attack “sophisticated.” Typically, these types of attacks involve a malicious email or document being sent to the target organization. Once somebody inside the organization opens it and follows the attacker's instructions, malware can be deployed in numerous ways.