Huge data breach reveals info on 750,000 investors - here's what we know, and how to see if you're affected

News
By published

CIRO reveals more details on major 2025 data breach

An abstract image of a lock against a digital background, denoting cybersecurity.
(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)
  • CIRO breach exposed sensitive data of 750,000 Canadian investors
  • Hackers stole personal details but not passwords or PINs
  • CIRO offers two years of free credit monitoring and identity protection

The 2025 cyberattack at the Canadian Investment Regulatory Organization (CIRO) affected roughly 750,000 Canadians, it has now confirmed.

Founded in 2023, CIRO is Canada’s national self-regulatory body that oversees investment dealers, trading activity, and market integrity.

In mid-August 2025, CIRO disclosed a cyberattack and data breach, saying it was forced to shut down parts of its infrastructure and launch an 'extensive forensic investigation' to better understand what happened.

CIRO protects its customers

The investigation is wrapped up, and found approximately 750,000 Canadian investors have had sensitive data exposed by the hackers, including dates of birth, phone numbers, annual income, social insurance numbers, government issued ID numbers, investment account numbers and account statements.

Login details such as passwords, security questions, and PINs, were not stolen, CIRO said, but this still makes this breach quite dangerous. With all this information, cybercriminals can launch compelling phishing attacks, tricking victims into sharing those login credentials, and accessing their investment platform of choice.

CIRO said that its investigation into the matter was robust, as its investigators spent more than 9,000 hours looking into the matter.

The conclusion is that the data has not leaked on the dark web and has not been misused. Still, it provided all affected individuals with two years of free credit monitoring and identity theft protection services, which will definitely come in handy if those phishing emails start coming in.

Those who are affected by the breach will receive a direct email from CIRO, with instructions on how to sign up for the identity protection service. Those that don’t receive a notice can reach out to CIRO directly.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.