Attackers threaten to release personal data if banks don’t pay up

A security breach at two Canadian banks over the weekend has resulted in the data of tens of thousands of clients being compromised, with attackers demanding $1 million in ransom to have the information returned.

Officials from the Bank of Montreal (BMO) and Simplii Financial – a subsidiary of banking powerhouse CIBC – made a public announcement on Monday after becoming aware of the incident the previous day.

BMO said in a press release that “fraudsters” had contacted the bank, claiming to be in procession of the personal and financial information, which would be released if a ransom was not paid. It subsequently launched an investigation with the relevant authorities.

A BMO spokesman told CTV News that their “practice is not to make payments to fraudsters” and that its priority was helping its customers.

It is believed that the same attackers were able to gain access and obtain account information to the two banks, likely through a phishing technique, although that has yet to be confirmed.

Both banks have said that the attack originated outside of Canada.

Michael Martin, senior vice president of Simplii Financial, said: “We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures

“We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

Customers have been told to monitor their accounts for fraudulent activity and ensure that they are using a secure enough password.

Approximately 50,000 accounts from BMO and 40,000 from Simplii are said to have been affected.

Simplii added that it would be reaching out to customers who may have had their information stolen.

No other banks in Canada have reported problems.