"We warned BMO and Simplii that we would share their customers informations if they don't cooperate".
Bank of Montreal and online bank Simplii Financial (owned by CIBC) made known that hackers stole identifying personal information of not less than 90,000 different account holders at the two banks over the weekends. The attacks have the banks in damage control mode, prompting them to assuage client concern about the safety of Canadian accounts.
The accounts of about 40,000 clients at CIBC's online bank Simplii Financial may have been electronically breached, the Toronto-based lender said in a statement Monday. Simplii said it received a claim on Sunday that their clients' data may have been accessed.
The hackers seem to have obtained sensitive information like names, account numbers, passwords, security questions and answers, social insurance numbers and account balances, by exploiting weaknesses in security systems of the two Canadian banks. At present, Bank of Montreal believes that less than 50,000 of its customers are affected by the security breach.
Bank of Montreal said it's conducting a thorough investigation, spokesman Paul Gammal said.
The bank is promising to fully reimburse clients who suffer from the apparent fraud and advising those who see suspicious account activity to contact the bank.
"We're taking this claim seriously and have taken action to further enhance our monitoring and security procedures", Michael Martin, Senior Vice-President at Simplii Financial stated.
In both cases, the attackers have threatened to publish the customer data.
"We are monitoring the situation closely with the Office of the Superintendent of Financial Institutions", she said in an emailed statement. It's not clear if they are trying to extort money from the banks in exchange for not publishing the data, and if so, how much they are requesting. The bank said the hack appears to have originated outside of Canada.
Cybersecurity expert Satyamoorthy Kabilan at the Conference Board of Canada says cyber incidents overall are skyrocketing and companies need to work to improve resiliency in the event of attack.