嗯,用户让我用中文总结一篇文章,控制在100字以内,而且不需要特定的开头。首先,我需要仔细阅读文章内容,找出关键信息。 文章主要讲的是加拿大投资监管机构CIRO在2025年8月遭遇的数据泄露事件,影响了约75万人。泄露的数据包括个人和财务信息,但没有密码或PIN被泄露。CIRO已经采取措施控制了事件,并提供了两年的免费信用监控作为补救措施。 接下来,我要把这些信息浓缩到100字以内。要确保包含事件的时间、机构名称、受影响人数、泄露的数据类型以及补救措施。同时,语言要简洁明了,避免使用复杂的句子结构。 可能会遇到的问题是如何在有限的字数内涵盖所有重要点而不遗漏关键细节。需要权衡哪些信息最重要,哪些可以简化或省略。 最后,检查字数是否符合要求,并确保语句通顺自然。 </think> 加拿大投资监管机构CIRO遭遇数据泄露,约75万人受影响。攻击者窃取了包括收入、身份证、联系方式等敏感信息。CIRO已控制事件并提供两年免费信用监控服务。 2026-1-16 15:1:51 Author: securityaffairs.com(查看原文) 阅读量:1 收藏
Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people
A data breach at Canada’s investment watchdog, Canadian Investment Regulatory Organization (CIRO), impacted about 750,000 people.
The Canadian Investment Regulatory Organization (CIRO) is Canada’s national self-regulatory body overseeing investment dealers and marketplaces, protecting investors, enforcing compliance, and maintaining fair, efficient capital markets.
CIRO announced that threat actors stole personal data of 750,000 people in an August 2025 phishing attack. The breach forced some systems offline but did not disrupt critical operations.
CIRO stated it contained the security incident, found no ongoing threat, and confirmed that data tied to member firms and registered employees was affected.
In August 2025, CIRO detected a cyber incident and contained it quickly. The organization notified authorities and launched a forensic investigation with the help of cybersecurity experts. The organization revealed that a limited set of investigative and investor data was copied.
“In August 2025, CIRO identified a cybersecurity incident. We took immediate steps to contain the incident, secure our systems and protect the information in our care. We notified law enforcement and all relevant authorities including privacy commissions across Canada.” reads the FAQ page published by CIRO. “Once contained, we retained a leading third-party forensic IT investigator to determine what information was impacted. After more than 9,000 hours of review, that investigation determined that a limited subset of investigative, compliance and market surveillance data, including some of investor information, was copied from our system.”
CIRO said the breach exposed sensitive personal and financial data, including income, IDs, contact details, account numbers, and statements collected as part of its regulatory and investigative activities. CIRO noted that no passwords or PINs were exposed and said it found no evidence of data misuse or any exposure or activity on the dark web.
“CIRO received this information in the normal course of carrying out its regulatory mandate to protect investors from improper investment conduct and practices, and through its investigative, compliance assessment and market regulation work,” the organization says. “CIRO will delete investor information when no longer required for its investigative, compliance assessment and market surveillance work, however we are unable to process individual deletion requests.”
CIRO is continuing to monitor for malicious activity and is offering affected individuals two years of free credit monitoring and identity theft protection.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Canadian Investment Regulatory Organization)
如有侵权请联系:admin#unsafe.sh