The Canadian Investment Regulatory Organization (CIRO) says it shut down some of its systems after detecting a cybersecurity threat on August 11. The regulator confirmed on August 18 that while its real-time equity market surveillance operations remain unaffected, preliminary findings show that personal information of member firms and their registered employees was compromised.

As a precaution, CIRO immediately took systems offline and launched an investigation. The organization said it is working with external cybersecurity and legal experts, along with law enforcement, to determine the scale of the breach. “Given the high standard of security that CIRO expects of both itself and its members, we are deeply concerned about this, and know our members will be too,” the watchdog stated.

Critical functions were kept online throughout the disruption, ensuring Canada’s markets continued to operate normally. CIRO emphasized that Canadians’ investments are not at risk, noting that it only receives limited investor information through compliance checks. Still, the organization added that if any investor data was impacted, affected individuals would be notified and offered risk mitigation services.

The regulator is prioritizing identifying which registrants were affected. According to its statement, “our priority is to actively investigate which individual registrants may have been affected and once determined, to notify those individuals directly and provide risk mitigation services.”

CIRO, which oversees investment dealers, mutual fund dealers, and trading activity across Canada’s equity and debt markets, has not provided a timeline for when its investigation will conclude. However, officials say more information will be shared in due course as the inquiry progresses. For now, CIRO maintains that no active threat remains within its systems.