Fraudsters may have taken data at CIBC's online bank Simplii and BMO
Canadian Imperial Bank of Commerce and Bank of Montreal are alerting clients that "fraudsters" claimed to have accessed personal and financial information of some customers.
The accounts of about 40,000 clients at CIBC's online bank Simplii Financial may have been electronically breached, the Toronto-based lender said in a statement Monday. Bank of Montreal said separately that fraudsters contacted the lender saying they had certain personal and financial information for "a limited number" of customers. The bank estimates fewer than 50,000 clients were affected.
"We believe they originated the attack from outside the country," Toronto-based Bank of Montreal said in its statement. "We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off."
Bank of Montreal is conducting a thorough investigation, spokesman Paul Gammal said. Canada's fourth-largest lender became aware of unverified claims that data may have been accessed by a fraudster and a threat was made to make it public, he said.
CIBC said there's "no indication" that clients of its main bank were affected.
"This past weekend's cyber security incident is an extremely rare occurrence for Canadian banks, which are known for their leading cyber-security practices," the Canadian Bankers Association said in an email. "The banks involved in claims of a potential data breach acted swiftly in response, launched full-scale investigations and took immediate action to enhance online security measures to protect customers."
Canadian lenders including Toronto-Dominion Bank, Royal Bank of Canada, Bank of Nova Scotia and National Bank of Canada said they haven't been targeted.