The Globe and Mail reports in its Thursday, Jan. 15, edition that the Canadian Investment Regulatory Organization revealed that a data breach previously disclosed last summer was more extensive than initially thought, affecting personal information and account statements of 750,000 investors. The Globe's Clare O'Hara writes that CIRO announced it has started notifying affected investors about the breach, which resulted from a "sophisticated phishing attack" on Aug. 11. The full scope was uncovered after over 8,000 hours of investigating electronic records. CIRO reported that accessed information may include dates of birth, phone numbers, annual income, social insurance numbers, ID numbers, investment account numbers and account statements. CIRO said it does not collect any account login details, such as passwords, security questions and PINs and "that information was not at risk." Chief executive officer Andrew Kriegler said CIRO has been closely monitoring for any malicious activity and that there is no evidence that the information has been misused or exposed on the dark Web. Mr. Kriegler said: "We are intent on doing right by those who are personally affected. We take our public interest role very seriously."