Bank Hackers Demand $1 Million Ransom for Safe Return of Stolen Data

Yesterday, CIBC’s Simplii Financial and the Bank of Montreal announced that some Russian-based hackers have stolen the identifying personal information of a combined 90,000 different account holders. Now, the hackers are demanding a ransom of $1 million for its safe return, CBC News is reporting.

Bank of Montreal

The hackers seem to have obtained sensitive information like names, account numbers, passwords, security questions and answers, social insurance numbers and account balances, by exploiting weaknesses in security systems of the two Canadian banks. 

“We warned BMO and Simplii that we would share their customers informations if they don’t cooperate,” said a purported email from the hackers.

According to CBC News, the email demanded the ransom be paid in a cryptocurrency known as Ripple before May 28 2018 11:59PM. However, that deadline has now passed.

CBC News reached out to both banks for confirmation as to whether any ransom had been paid. 

“Our practice is not to make payments to fraudsters,” Bank of Montreal said. “We are focused on protecting and helping our customers.” For Simplii’s part, the bank said “we are continuing to work with cybersecurity experts, law enforcement and others to protect our Simplii clients’ data and interests.”

Some of the data appears to be circulating already on various online forums, although it is frequently taken down soon after posting.

The thieves have also shared accurate personal information about two Canadians, each a customer of each respective bank, in order to back up the veracity of their claims.