The personal information of over 90,000 clients from two Canadian banks, BMO and Simplii, were stolen by hackers over the weekend, CBC reported on Tuesday. The hackers informed the banks via an email on Monday evening, and demanded $1 million worth of Ripple (XRP/USD) in return for not disclosing sensitive personal data, such as client names, dates of birth and social insurance numbers.
"We warned BMO and Simplii that we would share their customers informations if they don't cooperate," the email said, which appears to have been sent from Russia. “These … profile will be leaked on fraud forum and fraud community as well as the 90,000 left if we don’t get the payment before May 28 2018 11:59PM.”
The email also contained a detailed explanation of the heist - the hackers used an algorithm to create account numbers and pose as authentic customers, which allowed them to reset the security questions.
"They were giving too much permission to half-authenticated account which enabled us to grab all these information,” the email said. “[The bank] was not checking if a password was valid until the security question were input correctly."
There is no information whether the banks have given in to the hackers’ demands. The ransom deadline, May 28th, has passed, and it does not appear that the institutions intend to pay.
“I want our customers to know that we take any attack on us and on them extremely seriously,” said Darryl White, chief executive at BMO. “We’re reaching out personally to all of those impacted and taking all available means to protect their accounts.”
By Nadya Astam