Two of Canada's largest banks have issued statements confirming they were contacted by "fraudsters" claiming to have personal and financial information on customers in their possession.
Bank of Montreal (BOM) confirmed it was breached late yesterday, believing the attack had originated from outside of the country.
"Fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers," the statement reads. "We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off."
BOM said it has notified and is working with relevant authorities as it continues to assess the situation; reports indicate it has affected up to 50,000 customers.
"We are proactively contacting those customers that may have been impacted and we will support and stand by them," the bank wrote.
"BMO has strong and robust processes in place to protect customer data and we take customer privacy very seriously. Customers are recommended to monitor their accounts and notify BMO with any suspicious activity."
Simplii Financial, the direct banking subsidiary of the Canadian Imperial Bank of Commerce (CIBC), also confirmed at the weekend it had been contacted by fraudsters claiming to have information on around 40,000 customers.
"Simplii Financial is advising clients that it has implemented additional online security measures in response to a claim received on Sunday, May 27, 2018 that fraudsters may have electronically accessed certain personal and account information for approximately 40,000 of Simplii's clients," the statement reads.
"Immediately upon learning of the potential issue, Simplii began investigating to understand the claim and verify its accuracy. We also moved quickly to implement enhanced online fraud monitoring and online banking security measures."
While reports indicate the Office of the Privacy Commissioner of Canada has been notified, no official statement has been made at this stage.
At least seven tech giants still use the vulnerable software that hackers exploited to attack Equifax last year.
Exclusive: The exposed lookup tool let anyone run a customer's phone number -- and obtain their home address and account PIN, used to contact phone support.
Exclusive: A server stored teenagers' Apple ID email addresses and plaintext passwords.
Credit card numbers, expiration dates, and card verification codes were stolen.
With data breaches rapidly becoming multi-million dollar events, could the only solution be increasing IT budgets and giving tech leaders a bigger voice in organizational decision making?