Canadian Banks Rocked By Data Theft Of 90,000 Customers

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Significant data breach affects two large Canadian banks after hackers threaten to go public with customer data

Financial institutions in Canada have come under a significant cyber attack after hackers claimed to have stolen data belonging to thousands of customers.

The hackers reportedly said they stolen data of nearly 90,000 customers from two Canadian banks, namely Bank of Montreal (Canada’s fourth biggest lender) and Canadian Imperial Bank of Commerce (Canada’s fifth biggest lender).

The two banks said on Monday they had been contacted by the hackers who threatened to make the customer data public.

data breach, security breaches

Bank breaches

“On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers,” said Bank of Montreal in a statement on its website.

“BMO has proactively shut down access to customer accounts identified as potentially impacted by the breach,” it added. “BMO will be calling each potentially-impacted customer to offer complimentary monitoring, replace cards, ensure all passwords get reset, and determine if there was any financial impact.”

A spokesman for the bank meanwhile told Reuters that it believed that less than 50,000 of the bank’s 8 million customers across Canada were hacked. He declined to say if any customers lost money as a result of the attack.

The hackers apparently threatened to make the data public, the spokesman said. But the bank said it was working with the authorities and conducting a thorough investigation.

Bank of Montreal reportedly said it believed the attack originated from outside of Canada and was confident that any vulnerabilities that led to the theft of customer data had been closed off.

Meanwhile Canada’s fifth biggest lender, Canadian Imperial Bank of Commerce, told Reuters that it had also been contacted by fraudsters on Sunday, who claimed they had electronically stolen personal and account information of 40,000 customers of its Simplii direct banking brand.

CIBC said it has not yet confirmed the cyber breach but is taking the claim seriously. CIBC said customers at its main banking division were not affected.

Financial attacks

Unfortunately it seems that cybercrime against banks and financial institutions is on the rise, and it is a worldwide problem.

In March for example, the Swiss financial watchdog warned that cyber threats were now the biggest threat to the Swiss financial system.

This year has seen Europol arrest the leader of the crime gang behind the Carbanak and Cobalt malware attacks that had targetted over a 100 financial institutions worldwide. This gang is thought to be responsible for the loss of over 1 billion euros (£870m) for the financial industry.

Last year famously saw credit checking specialist Equifax admit a hugely damaging data breach that was only reported in September last year, even though it had been discovered in late July 2017.

And to make matters worse, many industry observers are worried that banks are dramatically under-reporting computer attacks due to their fear of bad publicity.

Do you know all about security? Try our quiz!