SecureFact – Cyber Security News – Week of January 19, 2026

CIRO confirms data breach exposed info on 750,000 Canadian investors

The Canadian Investment Regulatory Organization confirmed that a cybersecurity incident discovered on August 11, 2025, impacted approximately 750,000 Canadian investors.
The breach exposed personal information including dates of birth, phone numbers, annual income, Social Security numbers, government-issued ID numbers, investment account numbers, and account statements.
CIRO spent over 9,000 hours investigating the incident and found no evidence that the stolen data has been misused or published on the dark web.
The organization is providing all affected investors with free two-year credit monitoring and identity theft protection services.
CIRO has strengthened its systems and is working with relevant authorities and security experts to prevent similar incidents.
The company emphasized that login credentials and account security questions were not affected as they do not store such information.
Those confirmed to be impacted will receive direct communication with instructions on how to enroll in the protection services.
This breach was one of the worst cybersecurity incidents in Canada last year alongside similar incidents at other major organizations.

The Kyowon Group, a South Korean conglomerate specializing in education and publishing, confirmed a ransomware attack that occurred on January 10, 2026, around 10 a.m.
The attack potentially exposed information of over 9.6 million accounts registered with the company, corresponding to about 5.5 million people.
The ransomware attack impacted roughly 600 out of Kyowon’s 800 servers, causing significant service disruptions.
The company has confirmed the existence of an external data leak and is conducting detailed investigations with authorities and security experts.
Kyowon immediately responded by notifying Korea’s Internet & Security Agency (KISA) and shutting down certain non-critical systems.
The company is working to restore its online services, with the process reportedly in its final stages.
If customer information exposure is confirmed, the company plans to provide transparent information to affected individuals.
The incident is part of a series of large-scale cyberattacks impacting South Korean companies that exposed sensitive data of large portions of the population.

U.S. digital investment advisor Betterment confirmed that hackers breached a third-party software platform used for marketing activity on January 9, 2026.
The attackers accessed customer information including full names, email addresses, physical addresses, phone numbers, and dates of birth.
The breach affected a subset of Betterment’s more than one million customers who manage $65 billion in various assets.
Hackers used the compromised system to send fraudulent crypto-related messages that appeared to come from Betterment’s legitimate email infrastructure.
The company emphasized that its technical infrastructure remained secure and no customer accounts or credentials were accessed.
Betterment immediately responded by removing unauthorized access and investigating the incident with security experts.
The company is strengthening its protection against social engineering attacks to prevent similar incidents in the future.
Sources indicated that Betterment is also being extorted and is under a distributed denial-of-service (DDoS) attack following the breach.

Grubhub has confirmed that hackers breached its systems and stole data, prompting an ongoing investigation and heightened security efforts, although the company says sensitive customer financial information and order histories were not affected.
According to the report, Grubhub is working with a third-party cybersecurity firm and has notified law enforcement, but would not disclose details about the extent of the breach or specific data involved.
Multiple sources tell Bleeping Computer that the ShinyHunters cybercrime group is now extorting Grubhub, demanding a Bitcoin payment to avoid releasing older Salesforce data from a February 2025 breach and newer data taken from its Zendesk support systems.
The incident may be linked to a broader campaign involving stolen credentials and OAuth tokens from the Salesloft Drift data theft attacks, which have been used to conduct follow-on intrusions across many organizations.

Monroe University has confirmed that a cyberattack in December 2024 resulted in a data breach affecting more than 320,000 people after threat actors gained unauthorized access to its systems.
The attackers were present on the network for about two weeks and stole a range of personal, financial, and health information, which may include names, dates of birth, Social Security numbers, driver’s license and passport numbers, medical and health insurance details, email usernames and passwords, financial account data, and student records.
Monroe University began notifying those impacted in January 2026, offering one year of free credit monitoring services and advising individuals to closely watch their accounts and credit reports for signs of fraud or identity theft.

Central Maine Healthcare breach exposed data of over 145,000 people

Central Maine Healthcare (CMH) disclosed that a data breach last year exposed sensitive information of over 145,000 individuals, including patients and current or former employees, after hackers maintained unauthorized access to its systems for more than two months from March to June 2025.
The compromised data may include full names, dates of birth, treatment details, dates of service, provider names, health insurance information, and Social Security numbers, depending on the individual.
The breach was discovered on June 1, 2025, and CMH completed its investigation by November 6, 2025, before notifying affected individuals.
To help mitigate the risk of fraud, the organization has offered free credit monitoring services and set up a dedicated patient support line for questions and assistance.