Fraudsters contacted two Canadian banks claiming they stole tens of thousands of customers’ personal and account information.
Simplii Financial, the direct banking brand for the Canadian Imperial Bank of Commerce (CIBC), disclosed on 28 May that fraudsters had contacted CIBC a day earlier and claimed to have stolen the information belonging to 40,000 customers. The bank subsequently launched an investigation into the incident to determine the veracity of the fraudsters’ tip. It also implemented additional security measures including enhanced online fraud monitoring tools on its systems.
“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Simplii Financial’s senior vice-president Michael Martin, as quoted in a news release. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”
Later that day, the Bank of Montreal (BMO) confirmed in its own statement that it had received a similar warning from fraudsters on 27 May about a potential hack against its systems. A spokesperson for the bank said that the attack possibly affected 50,000 customers, reported Reuters. In response, BMO restricted access to all potentially affected customers’ accounts.
A notice published by the bank revealed that BMO is in the process of working with those customers to reissue payment cards, change passwords and take additional steps to protect their accounts.
It’s unclear whether the two attacks were connected at the time of publication.
Several hours later on 28 Monday, multiple media outlets in Canada received a letter from someone purporting to have stolen customers’ information from both CIBC and BMO. They wrote how they intended to sell the data unless both banks paid one million dollars by 11:59 p.m. that night. The letter said that criminals could use the stolen information (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/two-canadian-banks-contacted-by-fraudsters-about-potential-data-theft/