The security breach suffered by the Bank of Montreal (BMO) may have affected fewer than 50,000 of its 8 million customers overall. By contrast, the incident suffered by Simplii Financial may have exposed the information of 40,000 customers.
“Two Canadian banks warned Monday they have been targeted by hackers, and that the personal information of tens of thousands of customers may have been stolen — something that appeared to be confirmed in a letter to the media from someone who said they were demanding a $1-million ransom from the banks.” reads the post published by CBC.
“CIBC-owned Simplii Financial was the first to warn on Monday morning that hackers had accessed the personal and account information of more than 40,000 of the bank’s customers.”
The exposed data includes social insurance numbers, dates of birth and financial information.
In both cases, the hackers contacted the bank in an attempt at blackmail and demanded a US$1 million ransom from each bank to prevent the data from being disclosed.
BMO, despite the fraudulent scenario imposed by the attackers, contacted its customers:
“On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers. We believe they originated the attack from outside the country.” reads a press release published by BMO.
“We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off. We have notified and are working with relevant authorities as we continue to assess the situation.”
Simplii has not yet confirmed the data breach, but has informed customers that it is investigating the issue and has already implemented "enhanced online fraud monitoring and online banking security measures".
“Simplii Financial is advising clients that it has implemented additional online security measures in response to a claim received on Sunday, May 27, 2018 that fraudsters may have electronically accessed certain personal and account information for approximately 40,000 of Simplii’s clients.” states the security advisory published by the bank.
“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, Senior Vice-President, Simplii Financial. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”
The bank assured its customers that any financial loss will be fully reimbursed.
In addition, Simplii recommends that customers:
- Use a complex password and PIN (for example, not 12345)
- Monitor their accounts for signs of unusual activity
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.