Two large banks in Canada have reported a data breach in which the cyber criminals may have stolen data of about 90,000 customers and is considered to be the first of its kind cyber attack on a Canadian financial institution. The two banks are Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) who have been contacted by hackers declaring that they have stolen personal and financial information of the bank’s certain number of customers.
A spokesperson from Bank of Montreal which is the fourth-largest lender in Canada, said that less than 50,000 were affected by the incident but did not mention whether there was any loss of money for any customers due to the attack.
The fraudsters threatened to make the data public and is believed to be orginated from outside the country. The bank has started investigation regarding the incident.
CIBC which is the fifth-largest lender of Canada has not yet confirmed the data breach but their Simplii direct banking brand has claimed that the attack has resulted in the loss of information of 40,000 customers
The banks are communicating with the affected customers and are providing instructions on how to observe their accounts for any suspicious activity.
Researchers claim that these attacks are far from unusual. Joseph Carson the chief security scientist at Thycotic said that Banks are always prime targets and cybercriminals are always trying to take control over the bank several times a day.
He mentioned that it was surprising that the cybercriminals made the attack public via the media, which is not a common thing to do as they may not get any financial gain from it. It is common for criminals to sell the stolen data to other cybercriminals who will abuse the information. Here thay have tried to screw the banks as well.
James Lerud, head of the Verodin Behavioral Research Team, said that both banks came to know about the fraud from the criminals which means that their security measures and preventions have failed. The hackers threaten to publish the stolen data unless they receive a ransom and is difficult to understand what their exact motivation is.
Mukul Kumar, CISO and vice president of the cyber practice at Cavirin, said that the banks have to know where the threat come from as different type of database were compromised. He also mentioned that The U.S. and Canada have to work harder on this because the problem is not going to go away.