BMO, CIBC’s Simplii customers hacked
TORONTO — Two of Canada’s biggest banks are warning that “fraudsters” may have accessed certain personal and financial information of some customers.
The Bank of Montreal said fraudsters contacted the bank on Sunday claiming to be in possession of certain data for a “limited number of customers,” and it believes the attack originated outside of Canada.
“We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off,” BMO Financial Group said in a statement on Monday.
The disclosure followed a warning from CIBC’s direct banking brand Simplii Financial, which also said “fraudsters” may have electronically accessed certain personal and account information for approximately 40,000 Simplii Financial clients.
Simplii said it learned of the potential issue Sunday and has implemented additional online security measures, such as enhanced online fraud monitoring.
Both banks say they will be contacting clients, and recommended that customers monitor their accounts and notify their financial institution about any suspicious activity.
BMO and Simplii also said they are working with the relevant authorities.
“We are investigating to determine the validity of the claims and the type of the information that may have been accessed,” CIBC spokesperson Tom Wallis said in an emailed statement.
Simplii added that clients who are victims of fraud because of the issue will receive 100 per cent of the money lost from the affected bank account. It added that there is no indication that clients who bank through CIBC have been affected.
CIBC launched Simplii in November and absorbed the accounts of about two million President’s Choice Financial account holders. CIBC had provided the back-end banking services for PC Financial for nearly 20 years, but last August the bank struck a deal with PC’s parent company Loblaw to go their separate ways.
Last fall, credit reporting service Equifax notified the public that hackers accessed or stole the personal data of 145.5 million U.S. customers and 19,000 Canadians. In January, Bell Canada warned some of its customers that their information, such as names and email addresses, had been illegally accessed in a data breach. In November, ride-sharing company Uber said hackers stole names, email addresses and mobile phone numbers of millions of riders. Uber in December said that 815,000 Canadian riders and drivers may have been affected as part of the worldwide data breach.
New federal data breach regulations that would require mandatory reporting of security breaches are set to take effect on Nov. 1. The regulations require organizations to determine if a data breach poses a risk to any individual whose information was involved and then to notify the federal privacy commissioner and affected individuals “as soon as feasible” — not within a specific time limit. Previously, companies which had been hacked had been alerting the public on their own timeline.