Two Canadian banks, including the country's fourth-largest, are reporting Monday that they have been hacked and customer data accessed.
BMO and CIBC-owned Simplii Financial separately went public with breaches to their systems on May 28, noting that customer information, including bank account specifics and potentially addresses and phone numbers, were stolen.
Here's what's known so far:
- The breaches appear to be separate, though it's possible they were from the same person or group.
- Simplii Financial, which is owned by CIBC, said 40,000 people had their information accessed.
- BMO is not giving a number of affected customers right now. It has over 7 million customers.
- BMO said the breach originated outside Canada, and that the fraudsters themselves tipped off the bank.
- It's not clear whether money was stolen from customers' accounts, but both banks are saying any stolen money will be reimbursed.
At this point, it's not clear how the breach happened — bad password hygiene is always the most obvious culprit — but both companies are encouraging customers to enhance their passwords and, if possible, apply two-factor authentication.
Here's the full BMO statement:
On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers. We believe they originated the attack from outside the country. We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off. We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them. BMO has strong and robust processes in place to protect customer data and we take customer privacy very seriously. Customers are recommended to monitor their accounts and notify BMO with any suspicious activity.
And here's Simplii: