Published: Wed, May 30, 2018
Finance | By Gustavo Carr

CIBC Simplii, hack, data breach

CIBC Simplii, hack, data breach

In order to ensure the integrity of the stolen data, hackers have now demanded a random of $1 Million worth of XRP, otherwise, they promise to leak the personal data online.

Unknown hackers attacked the leading Canadian banks Bank of Montreal (BMO) and Simplii Financial, the subsidiary of the Canadian Imperial Bank of Commerce (CIBC). In the case of Simplii Financial, around 40,000 customer accounts have been affected, but numbers have not been revealed for the Bank of Montreal.

BMO Financial Group and Simplii Financial issued statements today saying that fraudsters contacted them May 27 claiming to have accessed client information.

The bank said it believes the attack came from outside the country.

"BMO has strong and robust processes in place to protect customer data and we take customer privacy very seriously", said the company. Reportedly, BMO is reaching out to its clients, and asking them to get in touch if they have experienced any unusual activity on their accounts. "We have notified and are working with relevant authorities as we continue to assess the situation", BMO said in a statement.

"We became aware of unverified claims that customer personal and financial data may have been accessed by a fraudster and a threat was made to make it public".

More news: Tropical cyclone Mekunu unlikely to reach UAE

Simplii has since implemented additional online security measures such as enhanced online fraud monitoring.

More than 90,000 people have had their bank details accessed by hackers, who are asking for $1 million in ransom. It's not clear if they are trying to extort money from the banks in exchange for not publishing the data, and if so, how much they are requesting.

James Lerud, head of the Verodin Behavioral Research Team, said the incident appears to be an extortion attempt by the hackers, where they threaten to publish stolen data unless they receive a ransom. CIBC said customers at its main banking division were not affected.

The bank is now investigating if the claim is true, but in the meantime, it says it deployed "enhanced online fraud monitoring and online banking security measures" to prevent abuse of customers' data.

New federal data breach regulations which would require mandatory reporting of security breaches are set to take effect on November 1.

Like this: