On Sunday, Canadian Bank, Bank of Montreal (BMO) was left in a tight situation, as it announced that its system had been hacked. The hackers managed to get hold of several bank account information and has demanded $1 Million in Ripple (XRP) to prevent the information from being leaked.
BMO is considered a banking home to over 8 million Canadians. This security breach has left them in such a tight position, especially with the high demand from hackers. Based on a CBC News Report, BMO was not the only one to have been faced with a breach, as this also applies to Simplii Financial, CIBC’s online bank. The report also confirmed that 90,000 account holders’ information – ranging from passwords, names and account numbers have been accessed by hackers.
The demand for ripples have been delivered through email, supposedly from Russia. The Canadian banks were ordered to pay the suggested amount by May 28, 2018. The hackers wanted to prove to the Canadian banks that they do in fact have such personal data, therefore two account holders’ information – one from each bank – was given.
The email allegedly did not stop at demanding for compensation, but also the steps as to how the hack took place. In particular, the hackers generated account numbers that blended in with real, existing accounts. The generated ones were able to reset security questions that were originally in place.
With the stress tied with such a hack and bribery, the Canadian banks are also currently being faced with several criticisms, especially in terms of its security methods. A statement made suggested that:
“They were giving too much permission to half-authenticated account which enabled us to grab all these information… [The bank] was not checking if a password was valid until the security question were input correctly.”
As for the question as to whether or not the banks have agreed to the suggested payment, CBC News reached out to both BMO and Simplii Financial. In response, BMO stated that their “practice in not to make payments to fraudsters”, while the latter has yet to make a comment. This is definitely a frustrating situation for those account holders, as it is their information at risk, not that of banks necessarily. Will the two banks recover from this hack? How will Canadians take to this news?