Data breach affected 750,000 investors, securities regulator says

The Canadian Investment Regulatory Organization says a phishing attack last August exposed personal information and account statements of about 750,000 investors, and it has begun notifying affected people while offering two years of credit monitoring.

Canada's investment industry regulator says a data breach disclosed last summer was more extensive than first reported. The Canadian Investment Regulatory Organization identified a phishing attack on Aug. 11 and says investigators found that personal information and account statements of about 750,000 investors were accessed. The regulator has begun notifying affected people and announced two years of credit monitoring and identity protection. Known details: - The regulator reported a phishing attack identified on Aug. 11 that accessed personal information and account statements of about 750,000 investors. - CIRO says there is no evidence the information has been misused and that it notified law enforcement and privacy authorities. - Notifications to affected people began Jan. 14 by mail or email, and the regulator is offering two years of credit monitoring and identity protection. - CIRO says it completed a lengthy investigation with forensic experts and has strengthened its cybersecurity and data-security practices. Summary: The disclosure shows the breach affected a large number of investors and expanded beyond earlier findings. CIRO is notifying those affected and providing monitoring services, and it reports that the investigation has concluded and defenses have been enhanced. Mailed notifications may take several weeks to arrive.