At least 90,000 Canadian bank customers may have been affected by two data breaches

On Monday, two of Canada’s five largest banks, the Bank of Montreal (BMO) and Simplii Financial, informed their customers that they are investigating a data breach.

The security breach suffered by the Bank of Montreal (BMO) may have impacted fewer than 50,000 of the bank’s 8 million customers overall, while the incident suffered by Simplii Financial may have exposed the information of 40,000 clients.

“Two Canadian banks warned Monday they have been targeted by hackers, and that the personal information of tens of thousands of customers may have been stolen — something that appeared to be confirmed in a letter to the media from someone who said they were demanding a $1-million ransom from the banks.” reads the post published by CBC.

“CIBC-owned Simplii Financial was the first to warn on Monday morning that hackers had accessed the personal and account information of more than 40,000 of the bank’s customers.”

Exposed data allegedly includes social insurance numbers, dates of birth, and financial information.

In both cases, the hackers contacted the bank in an attempt to blackmail it, demanding a $1 million ransom from each bank in exchange for not disclosing the data.

BMO has ruled out the involvement of insiders; it has contacted the authorities and notified potentially affected customers of the incident.

“On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers. We believe they originated the attack from outside the country.” reads a press release published by BMO.

“We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off. We have notified and are working with relevant authorities as we continue to assess the situation.”

Simplii has not yet confirmed the data breach but informed customers that it’s investigating the issue and has already implemented “enhanced online fraud monitoring and online banking security measures.”

“Simplii Financial is advising clients that it has implemented additional online security measures in response to a claim received on Sunday, May 27, 2018 that fraudsters may have electronically accessed certain personal and account information for approximately 40,000 of Simplii’s clients.” states the security advisory published by the bank.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, Senior Vice-President, Simplii Financial. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

The bank has reassured its customers that any economic damage will be fully reimbursed.

In addition, Simplii recommends that clients:

  • Always use a complex password and PIN (e.g. not 12345)
  • Monitor their accounts for signs of unusual activity

At this time, we cannot rule out that the hackers obtained the customer data of the two Canadian banks in other ways, for example by collecting it from other data breaches or by targeting customers with a spear-phishing campaign.

Pierluigi Paganini
