May 29th, 2018
What's the issue?
On Monday, both Simplii Financial and the Bank of Montreal revealed that they were victims of an attack that compromised customer accounts. BMO disclosed that up to 50,000 customers were affected and Simplii Financial says that 40,000 customers were affected. While the full extent of this incident is not yet know, so far the damages of the attacks include stolen personal information and lost money from affected accounts.
The media has reported that they have received a letter from a person threatening to sell the compromised data if the banks do not meet their demand of a $1-million ransom. In the letter a sample of the compromised information was released, and it showed the name, date of birth, social insurance number, account balance, as well as the answers to the security questions associated with the account, that the media confirmed as legitimate.
Also, some of the affected customers have reported that they have seen fraudulent transfers of money from their accounts. In some cases the banks were able to flag those fraudulent transfers and block them, but for the ones that went through at least for Simplii Financial, they say, "if a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account."
What should I do?
If you are the account holder of an affected account you will be contacted by Simplii Financial and BMO respectively. However, as this incident is still being investigated and the full extent of it is not known, we recommend that all customers of these banks monitor their accounts for unauthorized transactions and suspicious activities. It is also good practice to change your password to your account and to never reuse a password for another account. NPC will continue to monitor this incident and will provide information for significant new developments as it may affect you.
CBC - BMO and CIBC-owned Simplii Financial reveal hacks of customer data
For more information:
IT World Canada - BMO, CIBC victims of cyber breach, attackers demand $1 million from each in cryptocurrency
The Globe and Mail - Streetwise newsletter: BMO, Simplii hit with data breach