Canadian banks Simplii and Bank of Montreal (BOE) have been targeted by a hacker probe with some dire results. The intruders were able to obtain personal information on more than 90,000 of their customers and demanded a ransom of $1 million in XRP to not publicize it.

The stolen data includes sensitive personal and financial information, such as names, passwords, account numbers, security questions and answers, account balances and social insurance numbers. The fraudsters have even provided details on two of the bank clients, thus confirming they were able to breach the sub-par security systems of the two banks.

The hackers even went as far as to explain exactly how they were able to extract the data. In an e-mail, reportedly sent from Russia, they detailed using a special algorithm to create account numbers and then imitate customers who have lost their passwords.

“They were giving too much permission to half-authenticated account which enabled us to grab all these information […] the bank was not checking if a password was valid until the security question were input correctly,” stated the attackers before adding that, “Profiles will be leaked on fraud forum and fraud community as well as the 90,000 left if we don’t get the payment before May 28, 2018, 11:59 PM.”

It has been a while since the ransom deadline expired and so far there has been no evidence of the hackers fulfilling their threat and releasing the customer data online.

The banks are seemingly not willing to budge as BOE official stated that, “Our practice is not to make payments to fraudsters. We are focused on protecting and helping our customers.“

Some of the bank clients have been contacted by the news outlets and said to be “very distressed” by the events that transpired. They also seemed worried about the outdated security systems in the banks that were circumvented rather easily to say the least.

Michael McCarthy, a Simplii bank client from Edmonton, caused further concern after reporting that a fraudulent $980 transfer was sent from his account. He added that while the transfer has been blocked, the bank has not reversed it yet.

Users continue to provide companies, ranging from social media sites to crypto exchanges, with huge amounts of sensitive personal information. While know-your-customer procedures are helpful in repelling frauds and they have now become an ever-increasing part of crypto regulation, they pose dangers to clients as well.

The value of personal data has never been as high as it is now, thus companies need to strengthen their efforts into making sure it is protected in similar ways as the funds in our account balance.

Image Source: “Flickr”