Hackers gain crucial banking information from thousands of Canadians

Hacking into banks not common but it does happen
Hacking into banks not common but it does happen

Recently two major Canadian banks reported that almost 100,000 people had their information accessed by some foreign entities who broke into the personal accounts of Bank of Montreal (BMO) and CIBC’s Simplii Financial brand customers.

The thieves promised to release the information to other criminals if they weren’t paid a ransom of $1 million, but there was no word if the banks caved or simply were able to restore security to the accounts.

Some customers even reported having cash fraudulently removed from their accounts via an Interac e-Transfer.

For those who were affected, BMO and CIBC are offering free credit monitoring, reports MoneySense.ca, and they are promising to return any money that is stolen.

Bell Canada, Uber, Loblaws, Canadian Tire and Equifax were also recent cases where customer information was stolen from supposedly secure databases stored inside large organizations.

Even Metrolinx, the Toronto-area transit agency, was hacked by the North Koreans, although no customer data was accessed. Sorry Kim, better luck next time?

We all bank and shop and order rides virtually these days, but what can you do to help prevent this from happening?

Often the criminals are either looking for cold hard cash or maybe even the names, social insurance numbers and addresses of real people so they can commit identity fraud, which often is much worse than losing cash.

But this might not be as daunting a task as it seems to most folks. There are even web sites that offer step-by-step instructions, complete with colourful diagrams, on how to hack a database.

“If you’re comfortable with SQL statements and understand database basics, you can hack a database,” promises the lead statement of a WikiHow page, which according to the counter on the bottom of the page has been read 238,202 times!

The federal government is not ignoring the problem and in April published a new set of guidelines that Canadian organizations must follow with regards to protecting sensitive personal information, but those measures won’t go into affect until Nov. 1.

“While digitization has empowered critical innovation, it has also presented us with new and uncharted opportunities and challenges. The new regulations will make companies more accountable and empower Canadian consumers,” said Navdeep Bains, Minister of Innovation, Science and Economic Development.

Consumers should always keep a close eye on transactions in their accounts and in their credit files, say the experts, and immediately alert companies and credit agencies if you see something fishy.

“Most financial institutions offer real-time notification services that allow them to contact you in the event of a purchase or attempt considered to be unusual. You can put limits in place and chose how to be notified – email, text, or call to validate,” said Pattie Lovett-Reid of BNNBloomberg.

And change your passwords frequently and don’t share any sensitive information, she advises.

Bank of Nova Scotia, to use one example, has a page How We Protect You that promises “we have instituted a number of security measures to help ensure the integrity of your transactions and your account information.”

They list some (probably not all) of their security measures, including 128-bit SSL encryption, session time-outs and even offering their customers McAfee Security Software free for 12 months.

Find a Lawyer