CIRO Confirms Data Breach on 750,000 Canadian Investors

CIRO Confirms Data Breach on 750,000 Canadian Investors

The Canadian Investment Regulatory Organization (CIRO) confirmed a major data breach. The breach was first identified in August 2025. Initially, the attack impacted approximately 750,000 Canadian investors. A comprehensive forensic investigation concluded on January 14, 2026. The national regulator revealed that hackers took highly sensitive data. Stolen information included Social Insurance Numbers and dates of birth. Annual income details and government-issued IDs were also leaked. Furthermore, the exfiltrated data included investment account statements.

Source: Bleeping Computer, Cyber Press

Penta Security’s Cloudbric Managed Rules Expands Three Service Regions

Penta Security announced the expansion of its Cloudbric Managed Rules for AWS WAF into three new regions: Mexico, Thailand, and Taipei (Taiwan). This move follows previous 2025 expansions into Canada and Malaysia, bringing the service’s total global availability to 33 regions. Cloudbric Managed Rules is designed to simplify web security for AWS users by providing pre-configured, expert-managed security policies that can be deployed instantly without specialized technical knowledge.

Source: EIN Presswire

Ingram Micro Ransomware Attack Affects 42,000 People

On January 19, 2026, IT giant Ingram Micro confirmed a major data breach. The breach stemmed from a ransomware attack in July 2025, affecting a total of 42,521 individuals. The attackers, identified as the SafePay ransomware gang, exfiltrated 3.5TB of documents. Specifically, stolen files included sensitive employment and job applicant records. The records contained names, Social Security numbers, and dates of birth, driver’s licenses, and passport information. Consequently, the 2025 attack caused a massive global IT outage, forcing many employees to work from home.

Source: Bleeping Computer

Grubhub Confirms Data Breach

On January 15, 2026, Grubhub confirmed a recent security breach after hackers accessed its systems and downloaded data. According to reports, the company is also facing extortion demands from the attackers. Grubhub stated that the intrusion was identified and contained, and that sensitive information was not impacted. However, the company declined to provide specific details on the number of affected individuals or the exact nature of the stolen data.

Source: Bleeping Computer

Pax8, Cloud Marketplace Accidentally Exposes Partner Data

An employee at Pax8 accidentally exposed internal data for 1,800 partners. This happened when they mistakenly emailed a spreadsheet to 40 recipients. The file contained over 56,000 sensitive entries. Furthermore, these entries included customer names and Microsoft license counts. The data also featured financial bookings and contract renewal dates. Pax8 maintains that the leak involved no personally identifiable information. However, industry sources report that threat actors are already trying to buy the dataset.

Source: Bleeping Computer

Click here to subscribe our Newsletter