Two of Canada’s largest banks have reported that cyber thieves may have stolen the financial information for over 90,000 of their customers. The thieves sent a message to the two banks over the weekend stating they had successfully stolen customer data and banking records for thousands of their customers. This caused an immediate reaction by both banks.
One of the banks, Simplii Financial, a subsidiary of the Canadian Imperial Bank of Commerce (CIBC), issued a statement that read in part:
“Simplii Financial is advising clients that it has implemented additional online security measures in response to a claim received on Sunday, May 27, 2018, that fraudsters may have electronically accessed certain personal and account information for approximately 40,000 of Simplii’s clients.”
The financial institution began its investigation immediately upon learning of the breach. They sent letters out to customers informing them of the breach, stating they had implemented stronger fraud monitoring and detection, among other security measures.
In part of the statement that Simplii sent to their customers, they reassured them that Simplii would provide full reimbursements to anyone who had lost money due to this hack. They also stated that they were actively working with law enforcement and cybersecurity experts to contain the damages.
Simplii Financial said the breach had only affected a limited number of individuals. They believe that around 40,000 accounts were breached by cyber thieves. At this time, they are not certain of exactly what information was stolen and which accounts were affected.
The Bank of Montreal (BMO) was also affected by the data breach and officials at BMO stated that they believed the financial and personal information for approximately 50,000 customers could have been compromised due to a cyber breach.
Both banks issued strong statements to their customers saying that they were on top of the situation and taking stringent measures to shut down the fraud and protect their other clients from cyber theft. They also reminded customers to change their passwords and PIN numbers. They recommend using complex passwords and stated that easy-to-guess PINs like 12345 should be avoided, as these are easy targets for cyber thieves. The banks also recommended that their customers watch their accounts for any signs of unusual activity and report that at once to banking officials.
Simplii Financial and the Bank of Montreal both said they had been contacted by “fraudsters” who said they were in possession of personal and financial information belonging to their customers.
Authorities are not certain which hacking group is responsible for the attacks but they stated that they were fairly certain the attacks originated from outside of Canada.
A spokesman for BMO said, “They appear to be related,” referring to the two attacks and also that the hacker’s claims were as yet “unverified.” In an email statement, the spokesman also said, “We are working with the relevant authorities and are conducting a thorough investigation.”
BMO officials said they believe that the attacks and exposure to customer data had been shut down and that no further data leaks would occur. Both financial institutions sent letters to their customers reassuring them that every step would be taken to find and prosecute the fraudsters.
The Royal Canadian Mounted Police is working with all Canadian law enforcement agencies to help the two banks conduct their investigations. They do not believe that any other Canadian banks were affected.