Alert:
For more information on the cybersecurity incident, please visit the cybersecurity incident page.
CIRO cybersecurity incident
Further to our announcement on August 18, 2025, and following a thorough investigation, CIRO is sharing more information about the cybersecurity incident.
What Happened?
On August 11, 2025, CIRO identified a cybersecurity incident. As a precaution, CIRO proactively shut down some of its systems to ensure their safety and immediately started an investigation. Throughout this time, critical functions remained available.
We are confident that the incident is contained and that there is no active threat in ClRO’s environment.
Regrettably, our investigation has found that some investor information and registration information for Member firms and registered individuals has been impacted.
We engaged internal and external experts to perform a technical and forensic investigation to identify the nature and scope of the event. As previously shared, the incident has been successfully contained, and additional system and data security measures have been implemented to enhance our existing cyber security protections.
We deeply regret this has happened and remain committed to providing further updates on this page.
Registrants
Are you a current or former registrant concerned about the cybersecurity incident?
Investors
Are you an investor with a CIRO-regulated dealer and are concerned about the cybersecurity incident?
- Former employees or contractors should direct any questions to Human Resources: humanresources@ciro.ca
- CIRO Hearing Committees’ Members should direct any questions to General Counsel's Office: hearings@ciro.ca
Welcome to CIRO.ca!
You can find the Canadian Investment Regulatory Organization (CIRO) at CIRO.ca with our fresh look and feel.