Breaches

Canadian Investment Regulator Confirms Data Breach Affecting 750,000 Investors

The Canadian Investment Regulatory Organization (CIRO) has confirmed that approximately 750,000 investors were impacted by a data breach following a phishing attack detected in August 2025.

CIRO, which oversees all investment and mutual fund dealers in Canada alongside trading activity on the country's debt and equity markets, disclosed the scale of the breach after more than 9,000 hours of forensic investigation.

What Was Exposed

The following personal information may have been compromised:

Dates of birth
Phone numbers
Annual income
Social Insurance Numbers (SINs)
Government-issued ID numbers
Investment account numbers
Account statements

Response

CIRO stated there is currently no evidence the stolen data has been misused.

"We continue to monitor for malicious activity and have not identified any threat activity or exposure on the dark web," the organization said.

Affected investors are being offered two years of credit monitoring and identity theft protection through both major credit agencies.

"We are intent on doing right by those who are personally affected," said CIRO CEO Andrew Kriegler. "Matters of privacy and security are extremely important to us, as are our guiding organizational values of transparency and accountability."

Why This Matters

The breach exposes highly sensitive financial data for three-quarters of a million Canadian investors. Social Insurance Numbers combined with investment account details and income information create significant identity theft and fraud risk.

The incident highlights phishing as a persistent threat vector, even for organizations overseeing critical financial infrastructure.

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

GitHub has confirmed that approximately 3,800 internal repositories were compromised after a TeamPCP supply chain attack that began with a single employee installing a poisoned Visual Studio Code extension. The breach was announced on Tuesday after TeamPCP posted claims on an underground forum offering GitHub's stolen source

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious version

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Grafana Labs has confirmed a data breach after attackers used a compromised token to access the company's GitHub environment and download its entire codebase. The open source visualization and analytics platform disclosed the incident on Sunday, two days after cybercrime group Coinbase Cartel listed Grafana on its leak

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first known version

Read more

GitHub Confirms TeamPCP Breach of 3,800 Internal Repositories After Employee Installed Poisoned VS Code Extension

Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

Grafana Confirms GitHub Breach After Coinbase Cartel Demands Ransom — Codebase Stolen via Compromised Token

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005