On August 18, 2025, Investia was informed of a cybersecurity incident affecting the Canadian Investment Regulatory Organization (‘’CIRO’’). CIRO originally identified the incident on August 11, 2025, and has since taken several precautionary actions to ensure data integrity and security. 

Preliminary findings indicate that the CIRO registration database was impacted. While the investigation is ongoing, CIRO has confirmed that sensitive personal data such as banking information and Social Insurance Numbers were not exposed as a result of the incident. CIRO is currently assessing whether any other information may have been accessed, and as more details become available, we will provide further updates.

This incident is a reminder to all of us of the importance in taking proactive measures and staying vigilant against cybersecurity threats. A few simple ways you can protect yourself and your clients:

• Always verify the authenticity of any communications to avoid phishing (for example, check the sender’s email address, look for obvious spelling mistakes, etc.);
  
  
• Use a strong password and enable multi-factor authentication across all platforms you use (while this is mandatory for the systems you access through Investia, it is strongly recommended for any other systems you may use);
  
  
• Avoid using the same password across different platforms;
  
  
• Never open a hyperlink or email attachment from someone you don’t know;
  
  
• Use secure methods of communication with your clients;
  
  
• When in doubt – report anything suspicious to Investia. We are here to help.
  
  

For more information regarding the CIRO cybersecurity incident, please refer to the files provided below:

• CIRO Memo - Cybersecurity Threat
• CIRO Update on Recent System Outages
  
  

Should you have any questions, please reach out to your Compliance Officer.