Let's talk. Schedule your FREE, no-obligation consultation with our team today! Book here

← Back

An Update Regarding the C.I.R.O Cyber Security Incident

By Stan Clarke, February 24, 2026

Dear Friend and Clients,

There continues to be more questions than answers regarding the CIRO Cyber Security Incident and there have been two class action lawsuits filed against CIRO for its negligence in protecting personal data. We even read an article where CIRO recommended that investment advisors do not reach out to their clients about this breach, only addressing the issue if the client asks questions! CIRO is also refusing to provide advisors a list of their clients that are affected. And the CIRO FAQ web page contradicts itself, saying that the hack was via the National Registration Database (NRD) and then saying that NRD was not affected. Of course, none of this sits well with Joyce and I and it is contrary to our business ethics.

Joyce and I received the letter from CIRO as individual investors and account holders, it was not addressed to us in our capacity with Mirador. As such, we are going to share what we have decided to do from a personal perspective, as a result of our own research, which included reaching out to our contacts at other financial institutions.

For all individuals impacted by the cyber breach, CIRO is offering a 2 year subscription to services offered by both Trans Union of Canada and Equifax, two of Canada’s leading consumer reporting agencies. The subscription includes online credit monitoring and identity restoration services at no cost.

We have learned that by subscribing to these online credit agencies, we will have instant access to our credit rating, and it will also show if our emails are on the dark web. In addition, we will be notified immediately anytime there is a new credit inquiry for either of us. A common form of fraud the banks are seeing is that fraudsters will apply for a credit card online using the stolen information. The credit card applications do trigger a credit rating review. Hence, if we receive an alert from the above agencies that there has been a credit inquiry and we are not aware of the request, we can follow up immediately. It is our understanding that TransUnion and Equifax will assist in this process.

Joyce and I have decided that these services will be helpful in maintaining our “high vigilance mode” so we each subscribed with both entities – signing up was all done online, using the links provided in the CIRO letter. It was very straightforward, quick and easy. We were not required to provide any personal information other than our name, address and date of birth and we were not required to do anything over the phone.

In addition to subscribing to these services, we have done the following:

  • familiarized ourselves with common phishing and fraud schemes so that we do not fall prey to attempts. If you have not done so already, we encourage you to read the article we mentioned in our January 28th letter which outlines various common fraudulent schemes and other uses of illegally required information. We are providing the link again:

ASC warns Alberta investors of the top misleading investment fraud tactics to watch for in 2026 | ASC

  • We’ve also found that The Government of Canada has some excellent resources about cyber security and we spent some time reviewing the information they provide, which can be found by clicking this link: Canadian Centre for Cyber Security
  • Joyce and I are also attending some webinars offered by our bank which focus on tips to reduce exposure to cybercrime
  • We are not answering any phone calls from unknown numbers
  • We have learned that if you do receive a phone call from anyone claiming to be from Visa or MasterCard, DO NOT provide any information to them in the initial call. There are a lot of fishing expeditions out there. What you should do instead, is to tell them you will call back. Then, do NOT call the phone number they are giving you (even if call display shows it is coming from your bank). Only call the phone number that is on the back of your credit card. Or better yet, drive to your bank branch and deal with a real human that has clear and legitimate identification
  • Mirador is currently inquiring about cyber security insurance. It is our understanding if we are able to obtain this insurance at competitive rates, the coverage will extend to our clients.

As we have mentioned previously, both Mirador and our custodian, RBCIS, are exceptionally careful with client information. Additionally, there are numerous requirements in place that must all be met prior to sending cash from a client’s account to their bank account. Also, we do not allow payments to third parties, so there will never be an instance where cash can be sent to any recipient other than yourselves.

Lastly and perhaps most importantly, remember that by holding units of the Mirador Income and Stability Fund, you will not likely ever have a large cash balance in any of your investment accounts. Instead, portfolio cash is held within the fund itself. For someone to get cash from your account, they would have to first request a redemption of units with Joyce or Stan. And we know everyone well enough and we always ask questions to ensure we are only taking instructions from the actual client. This adds an additional layer of protection for you.

We will remain in ‘high vigilance mode” and if we become aware of any additional pertinent information, we will be sure to send out another update. As always, please call us if you have any questions, comments or concerns.

Sincerely,

Stan
403-608-4664

Joyce
403-608-4664