Global Risk Intelligence: January 19, 2026 Executive Briefing

PRIVACY RISK

3.7M Records Exposed: Canada's Investment Watchdog Suffers Massive Phishing Heist

On January 14, 2026, the Canadian Investment Regulatory Organization (CIRO) concluded a forensic investigation into a cyber incident first detected on August 11 and disclosed on August 18, confirming impacts to about 750,000 Canadian investors. Exfiltrated data varies by individual and may include dates of birth, phone numbers, annual income, Social Insurance Numbers, government ID numbers, investment account numbers, and account statements. CIRO says it does not store login credentials or security questions and reports no evidence of dark web publication or misuse after 9,000 investigative hours. CIRO will provide two years of credit monitoring and identity-theft protection to affected individuals.

More info

PHYSICAL RISK

Gang Drills into German Bank Vault on Christmas, Hits 3,000 Safe-Deposit Boxes

German police are investigating a professionally executed vault burglary at a Sparkasse branch in Gelsenkirchen, North Rhine-Westphalia, discovered after a fire alarm early on December 29, 2025. Suspects reportedly drilled from an adjacent parking garage into the vault, forced open more than 3,000 safe-deposit boxes, and escaped the same way. About 2,700 customers are affected. Loss estimates range from at least €10 million to as high as €90 million, with insurance typically capped at around €10,300 per box. Authorities are reviewing CCTV and tracking a black Audi RS 6 linked to stolen plates from Hanover.

More info

REPUTATIONAL RISK

Nestlé's Toxin-Tainted Baby Formula Widened to 46 Countries - $1.3B at Risk

Nestlé’s January 6, 2026, precautionary recall of select infant and follow-on formulas (NAN, BEBA, Guigoz, SMA, Alfamino) expanded beyond Europe to 46 countries after possible cereulide contamination, a Bacillus cereus toxin. Reuters reported CEO Philipp Navratil apologized on January 14, saying recall actions were completed, and no illnesses had been linked so far. Analysts at Jefferies estimate up to SFr1.2bn, about 1.3% of group sales, at risk. Barclays sees 0.8–1.5%, while Nestlé says the impact is under 0.5%. The episode raises ongoing brand-trust and regulatory scrutiny risks in a reputation-sensitive category.

More info

TECHNOLOGICAL RISK

Radware Exposes "ZombieAgent" ChatGPT Prompt Injection That Silently Steals Your Emails

Radware researcher Zvika Babo disclosed “ZombieAgent” on January 8, 2026, alleging prompt-injection pathways in ChatGPT’s Connectors and Memory that could enable covert data exfiltration from linked apps like Gmail, Google Drive, GitHub, Outlook, and from prior chats. The report describes “zero-click” and “one-click” cases where attacker-controlled content in emails or shared files triggers server-side leakage. Persistence occurs by writing instructions into Memory, and propagation happens by harvesting contacts to replicate the lure. Radware says it reported the issue via Bugcrowd on September 26, 2025; OpenAI patched on December 16, 2025.

More info

HEALTH RISK

Contaminated Supplement Powder Sickens 45 in 21 States

On January 14, 2026, CDC and FDA expanded a multistate investigation linking Salmonella Typhimurium infections to Live it Up Super Greens supplement powder. As of that date, 45 cases across 21 states were identified, with illness onsets from August 22 to December 30, 2025. Of 41 cases with available data, 12 were hospitalized, and no deaths were reported. Among 20 interviewed patients, 16 reported consuming the product. The company initiated a voluntary recall on January 14. CDC advises discarding or returning recalled products and washing items and surfaces that may have contacted the powder.

More info

LEGAL & REGULATORY RISK

BND Seeks 6-Month Internet Traffic Storage & Hacking Authority

A leaked draft from the Chancellery to revise Germany’s BND law would significantly expand “strategic” internet surveillance at collection points such as the DE-CIX exchange in Frankfurt. Reporting by NDR/WDR/SZ indicates the BND could store and analyze captured traffic for up to six months and, crucially, retain content (emails/chats) rather than only metadata—potentially covering traffic from Germany to abroad and affecting roughly 30% of monitored flows. The draft also broadens “Computer Network Exploitation,” enabling hacking of non-cooperative platforms (e.g., Google, Meta, X), including infrastructure located in Germany. Government timing remains unclear. 

More info

OPERATIONAL RISK

Shipping Panic: 36 Tankers Hiding Off Iran's Coast

Shipping data show commercial operators are holding offshore from Iranian ports as U.S.–Iran tensions rise. Between January 6 and 12, tankers inside Iran’s exclusive economic zone increased from 1 to 36, according to Pole Star Global. MarineTraffic recorded at least 25 bulk carriers off Bandar Imam Khomeini and about 25 cargo or container ships off Bandar Abbas. Sources described anchoring outside port limits as a precaution against potential collateral damage. The U.S. began withdrawing some personnel from Middle East bases after Tehran warned neighbors it would target U.S. bases if struck. Combined Maritime Forces also flagged substantial GNSS interference in the Gulf and Strait of Hormuz.

More info

STRATEGIC RISK

Meta Commits Billions to Nuclear Energy

On January 9, 2026, Meta announced agreements with Vistra, Oklo and TerraPower to support its AI infrastructure, targeting up to 6.6 GW of nuclear capacity by 2035. A 20-year PPA with Vistra covers 2,176 MW from the Perry and Davis-Besse plants in Ohio and 433 MW of uprates across those units and Beaver Valley in Pennsylvania. Meta will also prepay to advance Oklo’s 1.2 GW Aurora campus in Pike County, with the first phase as early as 2030, and fund two TerraPower Natrium units, up to 690 MW by 2032, with rights for six more by 2035. Delivery depends on licensing and construction.

More info

FINANCIAL RISK

Cuba Braces for Blackouts as Maduro Falls from Power

Following the U.S. capture of Venezuela’s Nicolás Maduro on January 3, 2026, Cubans are bracing for a sharper energy and economic squeeze as Washington tightens enforcement against Venezuelan oil flows. Reuters reports Cuba has received no Venezuelan cargo for refining since mid-December. In 2025, it averaged about 26,500 barrels per day from Venezuela, roughly one-third of daily needs. With Mexico and Russia providing limited volumes, further cuts could prolong blackouts, often 12 to 20 hours in some areas, and deepen food and medicine shortages.

More info

POLITICAL RISK

Ukraine's Energy Crisis Deepens as Russian Strikes Leave 72,000 Families Without Heat

On January 17, 2026, President Volodymyr Zelensky called for an immediate increase in electricity imports after Russian overnight strikes on January 16 and 17 damaged energy and gas infrastructure, causing emergency outages. Ukraine can generate about 11 GW versus 18 GW needed, or about 60 percent, while import capability tops out at 2.3 GW and high prices limit volumes. Ukrenergo said about 16,000 consumers in Odesa lost power. DTEK reported 56,000 families affected in Bucha district. With temperatures near minus 20 degrees Celsius, Kyiv formed a task force led by Energy Minister Denys Shmyhal. Germany pledged €60 million and the UK accelerated £20 million for energy support.

More info