The personal data of almost 100,000 Canadians have been stolen by hackers who are now threatening to release it if a $1 million ransom isn’t paid.
Bank of Montreal (BMO) and Simplii Financial are the two banks caught up in the hack and the hackers are requesting the ransom be paid in Ripple cryptocurrency (XRP). The news was reported yesterday by Canada’s national news outlet Canadian Broadcasting Corporation (CBC).
The stolen data apparently contains identifying personal information. CIBC-owned Simplii Financial first reported the hack on Monday morning, citing a tip it had received over the weekend.
The bank’s senior vice-president Michael Martin said: “We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures.”
An email from the hackers explained how the hack was carried out. They detail the use of a common mathematical algorithm used to validate short numeric sequences, such as those found in credit card and social security numbers. These could then be used to pose as account holders who had forgotten passwords.
To prove they had the data the hackers shared identifying information of an account holder from each bank.
The email demanded the $1 million paid in Ripple by midnight the same day or the data would be released. That deadline has now passed, but neither bank has confirmed if the ransom was paid or if the data has been released.
“Our practice is not to make payments to fraudsters,” Bank of Montreal stated. “We are focused on protecting and helping our customers.”
Image From Shutterstock