Cyber Incident Victim: InvestorCOM

InvestorCOM Inc. experienced a cybersecurity incident involving unauthorized access to its systems related to GoAnywhere, a third-party secure file transfer application. The company became aware of the breach on or around January 30, 2023, noting that this incident affected multiple organizations beyond InvestorCOM. The compromise specifically targeted the company's SFTP system hosting the GoAnywhere application, though InvestorCOM confirmed its primary internal systems remained unaffected and fully operational throughout the event. Upon discovery, InvestorCOM immediately engaged external cybersecurity experts to conduct a forensic investigation and implement corrective measures. The investigation confirmed the breach was contained, with no ongoing threat to company infrastructure or client services. InvestorCOM maintained business continuity during and after the incident, continuing to deliver services without interruption.

The forensic investigation determined that information pertaining to a limited number of Canadian clients was compromised through the GoAnywhere breach. InvestorCOM notified all affected clients directly and collaborated with them to address potential concerns. The company emphasized that no other systems or client groups beyond those explicitly identified were impacted. InvestorCOM issued a public statement acknowledging the incident, apologizing for any inconvenience caused, and reaffirming its commitment to security and privacy standards. Contact information for media inquiries was provided through Karen Makedon, Vice President of Marketing, though no additional technical details about the attacker's methods or data exfiltration scope were disclosed in the available statement.