Advertisement
Consumer

BMO, Simplii hack: What customers should do to protect their information

WATCH: How to protect yourself following BMO, Simplii attack

Canadians who bank with BMO or CIBC’s Simplii Financial were told Monday that the institutions may have been affected by a data breach.

BMO said hackers contacted the bank on Sunday claiming to be in possession of the personal information of fewer than 50,000 customers and threatened to make it public.

READ MORE: BMO, CIBC’s Simplii warn of similar possible client data breach

CIBC’s direct banking brand Simplii Financial that also said “fraudsters” may have electronically accessed certain personal and account information for approximately 40,000 Simplii Financial clients.

Neither bank has confirmed whether customers suffered financial losses as a result of the potential attack. However, several social media users who claim to be Simplii clients reported online that their accounts were hacked and money stolen over the weekend.

Story continues below advertisement

READ MORE: Canadians describe illicit Interac e-transfers out of Simplii accounts

Other Canadian banks, including Royal Bank, Scotiabank and Toronto-Dominion Bank, said there’s no indication they were affected.

Simplii said that there’s no indication CIBC customers were affected.

Here’s what Canadians who fear they could have been affected by the potential breaches should know.

Monitor activity on paper

Both affected banks said they will be contacting clients, and recommended that customers monitor their accounts and notify their financial institution about any suspicious activity.

This will aid the banks in figuring out if the breach actually happened, and what type of information was collected.

Simplii said to send any suspicious correspondence to fraud@simplii.com.

WATCH: BMO and CIBC online bank warn about possible cyber attacks

BMO and CIBC online bank warn about possible cyber attacks
BMO and CIBC online bank warn about possible cyber attacks

Joanne McNeish, an associate professor at Ryerson University’s Ted Rogers School of Management, advised that consumers should also keep track of activity using paper statements.

“Sophistication is getting quite good that people can manipulate your account in all kinds of ways, the advantage of paper is that you have a fixed record of what your activity was,” she said.

Story continues below advertisement

McNeish added that doesn’t mean people stop using online banking.

“I’m actually encouraging people to have a backup system, and possibly think about having one non-online account with one bank and an online bank account with another.”

Update passwords

Simplii also recommended users check their passwords to ensure they are strong.

McNeish said that it’s too late for consumers to update their passwords to protect against this hack, but they should do it as a regular practice.

WATCH: What you should do if your email gets hacked

What you should do if your email gets hacked
What you should do if your email gets hacked

She added that won’t necessarily protect consumers from wide-ranging data breaches, but it will make your argument to the bank more substantial.

“It will allow you to say to the bank, in your defence, ‘Well, I had a complex password, I had strong security questions.'”

Passwords should be complex, but never written down.

READ MORE: Can you trust your bank? Here’s what to watch for based on a new financial watchdog report

“If the bank discovers you’ve written it down, in fact, they will no longer compensate you,” McNeish explained.

Story continues below advertisement

What happens to any money lost?

Bank customers who are victims of fraud will receive 100 per cent of the money lost from the affected bank account, Simplii said Monday.

But McNeish explained this could take several months, and the onus would be on the customer to prove that money was unlawfully taken.

“They’re going to make each person defend themselves over a circumstance of which they had no control.”

WATCH: Hackers can exploit built-in speakers of smartphones and devices

Hackers can exploit built-in speakers of smartphones and devices
Hackers can exploit built-in speakers of smartphones and devices

That’s why McNeish said it’s even more important that consumers track their activity on paper, where it can’t be changed.

“By having other forms of the statement, like paper, you’re able to be more convincing with the bank that you, the customer, didn’t make the error.”

— With files from Global News reporter Erica Alini, The Canadian Press

Global News Redesign Global News Redesign
A fresh new look for Global News is here, tell us what you think
Take a Survey

Sponsored Stories