Bay Street Executives Warned After CIRO Data Breach Exposes Personal Information

 

Senior executives on Bay Street are being alerted that their personal details may have been exposed in a cybersecurity breach at Canada’s investment industry regulator.

On Tuesday, the Canadian Investment Regulatory Organization (CIRO) began mailing letters to registered members, informing them that hackers may have accessed personal data during an Aug. 11 cyberattack targeting the regulator.

CIRO spokesperson Sean Hamilton confirmed to The Globe and Mail that “letters are being sent out to all current and former registrants of member firms, informing them about the cyber incident and how they can protect themselves.” The notifications cover not only financial advisers but also executives, supervisors, traders and investors — anyone required to register with CIRO. This means top leaders at Canada’s largest financial institutions, including Bank of Montreal, Bank of Nova Scotia, Canadian Imperial Bank of Commerce, Royal Bank of Canada and Toronto-Dominion Bank, are among those potentially impacted.

Executives in capital markets, wealth management, and investment divisions — both current and former — are receiving these notifications. Independent firms such as Richardson Wealth, Wellington Altus and Canaccord Genuity Group Inc. also have registered leaders who may be affected.

According to CIRO, the compromised data may include personal names, home addresses, emails, phone numbers, dates and places of birth. In some cases, bank account details, investment information, beneficiary data, civil and criminal disclosures, investigation records, and even passport details for non-Canadian citizens could have been accessed. However, CIRO clarified that social insurance numbers and credit card or payment data were not part of the breach.

The regulator first detected the cyber threat in August and “proactively” shut down parts of its system to secure information while launching an investigation. Investment firms were notified on Aug. 18, but affected individuals only began receiving letters on Sept. 9.

Many executives are registered with CIRO as the “ultimate designated person” (UDP), tasked with overseeing compliance obligations. These roles may include chief compliance officers, CEOs, CFOs, or COOs. Canada’s major banks typically have multiple executives registered due to their various business arms. Even former executives remain within CIRO’s records if they once held registered roles, which explains why some retirees and past registrants are also receiving notices.

While BMO, Scotiabank, CIBC, RBC and TD Bank declined to comment, Canadian Bankers Association spokesperson Nathalie Bergeron said, “While the incident did not occur on member systems, we are working closely with CIRO to understand the impacts. Our members’ primary focus is on the safety and security of personal information.”

CIRO stressed that Canadians’ individual investments are not at risk. The regulator holds only limited investor information for compliance purposes. If the investigation confirms that investor data was compromised, CIRO said it will notify them directly and provide protection services.