Sensitive banking information of nearly 100,000 people stolen from major Canadian banks

Earlier this week more than 90,000 people have been affected by recent cyber-attacks aimed at two of the largest banks in Canada – Bank of Montreal (BMO) and Canadian Imperial Bank of Commerce’s Simplii Financial (CIBC). Both banks confirmed in separate statements that foreign state hackers might have managed to access the information of nearly 100,000 of their customers. Bank representatives confirmed that they believe the attacks came from fraudsters that are based out of state.

On Sunday both banks were approached by foreign hackers who claimed to have access to the personal information of a considerable portion of their customers.

BMO immediately went out with a statement claiming cyber criminals contacted them stating that they managed to obtain personal and financial information. CIBC did not wait with the announcement too – Michael Martin, Senior Vice-President at Simplii Financial, said they are taking the claim seriously and have taken action to enhance their monitoring and security procedures further. In a statement, he said he feels that it is essential to inform clients so that they can also take additional steps to safeguard their information.

Both BMO and CIBC confirmed that after they received the claims, they immediately started taking steps to close off the vulnerabilities that caused the incidents. The banks are collaborating with the authorities and will be reimbursing their clients should they experience money lose because of the breach. According to spokespeople of BMO and CIBC, they are confident that the identified exposures related to customer data have been closed off. Both banks are currently getting in touch with the affected customers offering them support and guiding them how to monitor their bank accounts for suspicious activity. Simplii even approached all its customers advising them to use a complex password and PIN as well as to keep an eye on their accounts for suspicious activity.

Currently, the exact type of the information that has been stolen is unknown.

Luckily, the other major banks in Canada – Royal Bank of Canada, Bank of Nova Scotia or Toronto-Dominion Bank – are not amongst the affected by the breach. No US banks are known to have been affected either. The office of the Privacy Commissioner of Canada has been notified about the incidents.
Now the only question is why the banks did not manage to detect the breach themselves? The claims came after the banks have been approached by the hackers. It is currently unknown for how long BMO and CIBC systems have been vulnerable.

Panda Security reminds of the need always to be adequately protected against malicious software. Practicing common sense and making sure all your apps and operating systems are updated, makes you a hard target for the cybercriminals.

Download your Antivirus