This memo is to provide an update on the recent cybersecurity incident involving the Canadian Investment Regulatory Organization (CIRO). 
 

On August 18, 2025, Investia was informed of a cybersecurity incident affecting the Canadian Investment Regulatory Organization (‘’CIRO’’). CIRO originally identified the incident on August 11, 2025, and has since taken several precautionary actions to ensure data integrity and security. 

A privacy incident occurs when there is unauthorized access, disclosure, or use of personal information (e.g., social insurance number, date of birth, health status, insurance premium), or when such information is lost or stolen.

Cyber incidents can occur as a result of human error, an external attack or a technical failure. They must be reported quickly to limit the impact and allow the compliance or IT security team to respond.

As summer brings changes to our routines—vacations, remote work, and increased travel—it’s also a time when cybersecurity risks can quickly escalate.

It’s here! Our new cyberincident reporting button is now available on the Advisor Centre:

Recently, we have advanced our security protocols on our technological platforms by introducing multi-factor authentication (MFA) for our Representatives and employees. This feature enhances security by adding an extra layer of protection against unauthorized access. We have also organized informative campaigns to raise awareness about the significance of cybersecurity. Regular mandatory training sessions and informational materials have also been shared to ensure everyone stays informed and alert.