TORONTO (Reuters) – The Bank of Montreal ( BMO.TO ) and the Canadian Imperial Bank of Commerce ( CM.TO ) said Monday that cyber-attackers were the Data could have stolen from nearly 90,000 customers in what appeared to be the first significant attack on financial institutions in the country.
Bank of Montreal ( BMO .TO ), Canada's fourth-largest lender, said on Monday that it had been contacted by scammers on Sunday who claimed to be in possession of the personal and financial information of a limited number of the bank's clients.
A spokesman for the bank said it believed that less than 50,000 of the bank's 8 million customers were hacked across Canada. He declined to say whether any customers had lost money as a result of the attack.
The fraudsters threatened to make the data public, the spokesman said, adding that the bank is working with the authorities and conducting a thorough investigation.
The Bank of Montreal said it believes the attack originated from outside the country and was confident that the risks that led to the theft of customer data had been closed.
The Canadian Imperial Bank of Commerce ( CM.TO ), Canada's fifth-largest lender, said fraudsters had contacted the lender on Sunday, claiming they had personal and account information for 40,000 customers of their Simplii Direct Banking brand stolen.
CIBC said it has not confirmed the cyber violation yet, but takes the claim seriously. CIBC said that customers in the main bank are not affected.
Both banks said they contacted customers and asked them to monitor their accounts and report suspicious activity.
Other Canadian banks said they were not affected.
BMO shares had fallen 0.3 percent and CIBC 0.3 percent.
Canada's six largest banks have partnered with the Bank of Canada to improve their cyber defense capabilities. The Bank of Canada said earlier this month that some attacks will inevitably succeed, but there are recovery mechanisms to limit the damage.
Cyber attacks are becoming more common. Last year, credit monitoring company Equifax announced that information on 146.6 million names, 146.6 million birth records, 145.5 million US social security numbers, 99 million addresses and 209,000 payment card numbers and expiration dates was stolen in a cyberattack.
Reporting by Matt Scuffham; Arrangement by Jeffrey Benkoe