
CIRO Cybersecurity Incident – Advisor Guide to Protecting Yourself

Updated: Sep 22

On August 11, 2025, CIRO detected a cybersecurity incident involving unauthorized access to advisor registration data. While the investigation continues, CIRO has confirmed that personal information was exposed, including:


  • Name, residential address, date of birth, country of birth

  • Gender, eye/hair color, height, weight

  • Email address and any civil/criminal disclosures

  • Potentially: passport number, solvency/financial disclosures, outside activities, beneficiary details


Although there is no evidence yet that this information has been misused, advisors should act immediately to protect themselves.


Protecting Yourself After the CIRO Cybersecurity Incident


Notice on CIRO's website.

Step 1: Enroll in Credit Monitoring & Identity Protection


CIRO is offering 2 years of free credit monitoring with both Equifax and TransUnion. Once you receive instructions, register without delay. These services will:


  • Alert you to any changes to your credit file

  • Notify you of potential fraudulent activity

  • Provide access to identity theft resolution specialists


Contact Equifax at 1-800-465-7166

Contact TransUnion at 1-800-663-9980

Québec residents can request a credit freeze at no charge.


Step 2: Protect Against Phishing & Fraud


Cybercriminals may use this incident to target advisors with fake emails, texts, or calls. Protect yourself by:


  • Never clicking on links or attachments from unknown or suspicious sources

  • Verifying senders before responding (especially if they appear to be CIRO or regulators)

  • Using multi-factor authentication (MFA) wherever possible

  • Keeping work and personal devices secure with updates and antivirus software


Step 3: Monitor Your Financial & Personal Accounts


Be proactive in reviewing your accounts:


  • Check bank, credit card, and investment accounts regularly for unusual activity

  • Obtain your credit report at least twice a year from both credit bureaus

  • Report any suspicious transactions immediately to your financial institution


Step 4: Strengthen Your Cybersecurity Practices


Advisors are high-value targets for cybercriminals. Beyond this incident, take the following measures:


  • Use strong, unique passwords and a password manager

  • Enable MFA on all advisor portals, email, and banking systems

  • Avoid using public Wi-Fi for work activities

  • Train staff to recognize phishing attempts and escalate concerns quickly


Common Phishing & Cyberattack Tactics Targeting Advisors


  1. Impersonation of Regulators (CIRO, MFDA, IIROC, OSC, CRA, etc.)

     • Fake emails or letters claiming to be from a regulator.

     • Urgent language like “Your license may be suspended” or “Action required on compliance review.”

     • Links that lead to fake portals to steal login credentials.


  2. Client Impersonation

     • Hackers pose as existing clients using email spoofing.

     • Requests for wire transfers, updates to banking instructions, or urgent document access.


  3. Vendor / Institution Spoofing

     • Fake emails that look like they’re from insurance carriers, mutual fund companies, or custodians.

     • Contain links to “updated forms” or “policy changes.”


  4. Malicious Attachments

     • PDFs or Excel files disguised as statements, application forms, or compliance notices.

     • Once opened, they install malware/keyloggers.


  5. Business Email Compromise (BEC)

     • Hackers gain access to an advisor’s or staff member’s email.

     • They quietly monitor communication, then insert fraudulent requests at the right time.


  6. Credential Harvesting via Fake Portals

     • “Login required” pages mimicking CIRO, carrier portals, or even Microsoft/Google sign-ins.

     • These pages collect your username/password and allow attackers to enter the real systems.


  7. SMS & Phone Scams (“Smishing” & “Vishing”)

     • Texts with links to fake regulatory notices.

     • Calls pretending to be regulators, IT, or even firm security teams asking for “verification.”


How Advisors & Teams Can Stay Vigilant


Verify Sender Identity


  • Always check the sender’s email address carefully (look for small spelling errors or unusual domains).

  • Pick up the phone and call the known contact if you’re unsure.


Don’t Click, Hover First


  • Hover over links to see the real URL before clicking.

  • If it doesn’t match the legitimate domain, do not open.
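
The sender-domain and hover checks above, automated for an HTML message body. This is an added example, not part of the original guide; the allowlist, domains and sample message are constructed, and the 0.85 similarity threshold is an assumption.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"regulator.example", "carrier.example"}  # constructed allowlist
SAMPLE = '''<a href="https://portal.regulator.example/login">Sign in</a>
<a href="https://regu1ator.example/login">https://regulator.example/login</a>
<a href="http://regulator.example.files.test/form.pdf">Updated forms</a>
<a href="https://mail.test/track?u=1">www.carrier.example</a>'''  # constructed body

class _Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):  # urlsplit only sees a host after "//", so add it if missing
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def _lookalike(host, trusted):  # trusted domain this host imitates, or None
    for d in sorted(trusted):
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])  # same label count
        if tail != d and difflib.SequenceMatcher(None, tail, d).ratio() >= 0.85:
            return d

def check_links(html, trusted=TRUSTED):
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        if any(host == d or host.endswith("." + d) for d in trusted):
            continue  # exact trusted domain or one of its subdomains
        m = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+", text)
        shown = _host(m.group(0)) if m else host  # domain the reader sees, if any
        imitated = _lookalike(host, trusted)
        reason = ("lookalike of " + imitated if imitated else
                  "text shows " + shown if shown != host else "untrusted host")
        findings.append((host, reason))
    return findings
```

The check compares trailing host labels against the allowlist rather than consulting a public-suffix list, so it treats a trusted name placed at the front of a longer host (the third sample link) as untrusted.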


Use Multi-Factor Authentication (MFA)


  • Enable MFA for email, advisor portals, and CRM systems.

  • Even if a password is stolen, MFA makes it much harder for attackers to get in.


Educate Your Team Regularly


  • Train staff to recognize phishing red flags (urgent language, unexpected attachments, odd grammar).

  • Encourage a “trust but verify” culture—better to double-check than make a costly mistake.


Secure Email & Devices


  • Use encrypted email when sending client information.

  • Keep antivirus and software patches up to date.

  • Lock devices when not in use (especially in shared offices).


Establish a Clear Incident Response Process


  • Staff should know exactly who to notify immediately if they click something suspicious.

  • Early action can limit damage.


Monitor Accounts Frequently


  • Watch for unusual logins or transactions in firm systems and financial accounts.


Step 5: Stay Updated & Supported


We will continue to share updates and practical guidance as this develops. Visit www.myadvisorgroup.ca regularly for:


  • The latest updates on the CIRO breach

  • Step-by-step guides to protect yourself

  • Contact points for further support

  • Cybersecurity best practices tailored for advisors


Final Takeaway


This cybersecurity incident is a serious reminder that cybersecurity is no longer optional—it’s essential. Protecting client information starts with protecting your own. Take action now, stay vigilant, and lean on our advisor community for support.


Understanding the Importance of Cybersecurity


In today's digital landscape, cybersecurity is critical. As advisors, we handle sensitive information daily. It's not just about protecting ourselves; it's about safeguarding our clients' trust. By implementing robust cybersecurity measures, we can ensure a safer environment for everyone involved.


Building a Culture of Security Awareness


Creating a culture of security awareness within your team is vital. Regular training sessions can help everyone stay informed about the latest threats. Encourage open discussions about cybersecurity challenges. This approach fosters a proactive mindset, making it easier to identify and mitigate risks before they escalate.


Conclusion: Take Charge of Your Cybersecurity


In conclusion, the recent CIRO incident serves as a wake-up call. Cyber threats are real, and they can impact us all. By taking the necessary steps to protect ourselves and our clients, we can navigate this evolving landscape with confidence. Remember, your cybersecurity is in your hands. Let's work together to create a safer future for our community.

My Advisor Group Canada
