CIRO has confirmed a cybersecurity breach affecting approximately 750,000 Canadian investors.
According to CIRO, no passwords or PINs were compromised. However, the risk of identity theft is real. To assist impacted investors, CIRO will provide two years of free credit monitoring and identity theft protection. Affected clients will receive a notification letter directly from CIRO with more details. If you have not received a letter and are concerned that you may be impacted, please reach out to CIRO. You can contact their dedicated support line at 833‑489‑8338 or visit www.ciro.ca/ciro-cybersecurity-incident for more information.
Below is a step‑by‑step list of actions that affected investors should take:
Risk‑Mitigation Checklist for Affected Investors
1. Activate CIRO’s Credit Monitoring and Identity Theft Protection
- Look for CIRO’s notification letter (beginning January 14, 2026).
- Follow the enclosed instructions to enroll in two years of free credit monitoring with both Equifax and TransUnion.
- This service will alert you to unauthorized credit inquiries or new credit accounts.
2. Place an Alert or Credit Fraud Warning on Your Credit Files
- Contact Equifax (at 1‑866‑349‑5204 ) or TransUnion (at 1‑800‑663‑9980) to add a fraud alert to your profile.
- This requires lenders to take extra verification steps before approving credit.
3. Review Your Bank and Investment Accounts Frequently
- Monitor all statements for unusual activity.
- Look for changes in contact information, unexpected transactions, or new accounts opened in your name.
- Notify your financial institution immediately if anything looks suspicious.
4. Be Extra Vigilant About Phishing Attempts
- Attackers may use stolen data to create convincing emails, texts, or calls.
- Never click unsolicited links or provide information to someone who contacts you unexpectedly.
- When in doubt, contact your advisor or financial institution directly using official contact information.
5. Enable Two‑Factor Authentication Wherever Possible
While CIRO did not hold passwords, criminals may attempt to exploit your broader digital footprint.
- Turn on multi‑factor authentication for email, banking, and investment portals.
- Strengthen your passwords if you haven’t updated them recently.
6. Check Your Credit Reports Regularly
- Request your free annual credit report from both major bureaus.
- Review it for accounts you don’t recognize or incorrect information.
7. Document Everything
- Keep copies of communications from CIRO.
- Take notes on any suspicious activity you observe.
- This may be helpful later if identity theft occurs.