News out today reports that a number of Canadian banks have been issued with a massive Ripple XRP ransom, after hackers have managed to lift personal data for around 100,000 customers. In order to ensure the integrity of the stolen data, hackers have now demanded a random of $1 Million worth of XRP, otherwise, they promise to leak the personal data online.
According to CBC News, both customers of the Bank of Montreal and Simplii Financial could have potentially had their account information stolen. As it stands, the data remains ‘intact’ so to speak, with the hackers promising to keep hold of it and not release it, should they receive their ransom. Of course, there is no guarantee that this data won’t be released even if the random is paid, placing both the Bank of Montreal and Similii Financial in a bit of a tricky situation.
According to CBC News:
“The hackers claim they were able to gain partial access to accounts by using a common mathematical algorithm designed to quickly validate relatively short numeric sequences such as credit card numbers and social insurance numbers. The hackers say they used the algorithm to get account numbers, which allowed them to pose as authentic account holders who had simply forgotten their password. They say that was apparently enough to allow them to reset the backup security questions and answers, giving them access to the account.”
Both banks have passed comment, with the Bank of Montreal stating:
“Our practice is not to make payments to fraudsters, we are focused on protecting and helping our customers.”
Similarly, Simplii Financial have said:
“We are continuing to work with cybersecurity experts, law enforcement and others to protect our Simplii clients’ data and interests.”
As it stands, it does seem as if neither bank wish to cough up the ransom, suggesting that they are confident in their own security protocols and will ensure that the data of their customers is protected, although it does seem they are a little too late for that.
See the full report by CBC News for yourself, here-
Overall, this is quite a big deal, with a large amount of personal information now in the hands of malicious hackers, the authorities at the banks in question are now in quite a tricky position. Moreover, the customers may find themselves at a bit of a loose end, wondering what may happen next with their personal information.
If you believe you may have been affected by this, please contact your bank directly, they will be able to advise you best.