Two Canadian banks warned customers on Monday morning that the personal and financial information of at least 40,000 clients was accessed by criminals.

In a statement, Simplii Financial said that the bank is alerting affected customers after it received a tip on Sunday that “fraudsters” may have “electronically accessed” personal and account information for around 40,000 clients. The Bank of Montreal said in a statement that the “fraudsters” themselves contacted the bank on Sunday to let them know they “were in possession of certain personal and financial information for a limited number of customers.”

Read More: The Motherboard Guide to Not Getting Hacked

“Immediately after learning of the issue we implemented enhanced fraud monitoring and online banking security measures,” Olga Petrycki, a CIBC spokesperson, told me over the phone. “We have shared the information with federal agencies,” Petrycki continued.

Spokespeople for BMO were not immediately available for comment. In a statement, the bank said it is proactively reaching out to affected customers and is working with authorities.

It’s not clear who is responsible for the twin attacks, if there were demands attached to the breach notifications, how the information was accessed, or if they are connected. In its statement, BMO stated that it believes the attack originated outside of Canada.

Clients of the affected banks are currently describing feeling “freaked out” and “a bit scared” on social media.