U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

At least 90,000 Canadian bank customers may have been affected by two data breach

On Monday, Two Canada’s five largest banks, the Bank of Montreal (BMO) and Simplii Financial, informed their customers they are investigating a data breach. The security breach suffered by the Bank of Montreal (BMO) may have impacted less than 50,000 of the overall 8 million customers, the incident suffered by Simplii Financial may have exposed information of 40,000 clients. […]

At least 90,000 Canadian bank customers may have been affected by two data breach

On Monday, Two Canada’s five largest banks, the Bank of Montreal (BMO) and Simplii Financial, informed their customers they are investigating a data breach.

The security breach suffered by the Bank of Montreal (BMO) may have impacted less than 50,000 of the overall 8 million customers, the incident suffered by Simplii Financial may have exposed information of 40,000 clients.

“Two Canadian banks warned Monday they have been targeted by hackers, and that the personal information of tens of thousands of customers may have been stolen — something that appeared to be confirmed in a letter to the media from someone who said they were demanding a $1-million ransom from the banks.” reads the post published by CBC.

“CIBC-owned Simplii Financial was the first to warn on Monday morning that hackers had accessed the personal and account information of more than 40,000 of the bank’s customers.”

Exposed data allegedly includes social insurance numbers, dates of birth, and financial information.

Canadian Banks data breach

In both cases, hackers contacted the bank trying to blackmail them and requested a $1 million ransom from each bank to avoid data disclosure.

BMO excluded the involvement of insiders, it has contacted authorities and notified the incident to potentially affected customers.

“On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers.  We believe they originated the attack from outside the country.” reads a press release published by BMO. 

“We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off.  We have notified and are working with relevant authorities as we continue to assess the situation.” 

Simplii has not yet confirmed the data breach but informed customers that it’s investigating the issue and has already implemented “enhanced online fraud monitoring and online banking security measures.”

“Simplii Financial is advising clients that it has implemented additional online security measures in response to a claim received on Sunday, May 27, 2018 that fraudsters may have electronically accessed certain personal and account information for approximately 40,000 of Simplii’s clients.” states the security advisory published by the bank.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, Senior Vice-President, Simplii Financial.   “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

The bank has reassured its customers that any economic damage will be fully reimbursed.

In addition, Simplii recommends that clients:

  • Always use a complex password and pin (e.g. not 12345)
  • Monitor their accounts for signs of unusual activity

At the time, we cannot exclude that hackers were able to obtain customer data of the two Canadian Banks in other ways, for example collecting them from other data breaches or by targeting customers with spear phishing campaign.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Canadian banks, data breaches)

[adrotate banner=”5″]

[adrotate banner=”13″]