Data breach exposes clients’ personal information at one of Canada’s largest investment firms

Clients’ names, social insurance numbers and personal addresses were part of a data breach at one of Canada’s largest investment firms.

Clients’ names, social insurance numbers and personal addresses were part of a data breach at one of Canada’s largest investment firms.

Toronto-based Mackenzie Investments confirmed to CTV News Toronto on Wednesday that a third party vendor, InvestorCOM Inc., was compromised by a cyber security incident related to data transfer supplier GoAnywhere.

According to a letter dated April 27 that was sent to a client and obtained by CTV News Toronto, InvestorCOM informed Mackenzie of the incident on March 28. The letter was signed by Mackenzie President and Chief Executive Officer Luke Gould.

The account number, name, address and social insurance number of the Mackenzie client who received the letter last week were part of the data breach.

“For clarity, financial information, such as client holdings and account balances, was not exposed in the incident. It is also important to note that investors’ holdings in Mackenzie funds were not impacted and our systems have not been compromised,” the letter states.

Hackers took advantage of a zero-day vulnerability in GoAnywhere’s file transfer system and accessed customers’ data at the end of January, according to the company.

Organizations around the world were impacted by the ransomware attack, including Proctor and Gamble, Rubrik, and the City of Toronto.