A group of Russian hackers who made off with the personal financial information of nearly a hundred thousand Canadian bank customers are demanding a hefty $1 million-worth of XRP ransom in order to prevent the personal data from being released on the dark web.
According to a report from local Canadian news outlet CBC, the Bank of Montreal and online-only bank Simplii Financial, had identifying personal information of a combined 90,000 account holders across the two banks stolen in a massive data hack. Hackers exploited a security system flaw that allowed access to key private data.
The hackers claim to have gained access to vital personal data such as full names, account numbers, passwords, account balances, and even security questions and answers used to safeguard the accounts. In an email sent by the hackers, they “warned” Bank of Montreal and Simplii Financial that they would share the customer data if the banks did not “cooperate.”
The hackers explained that they used a mathematical algorithm to gain access to account numbers, then posed as the account holder claiming to have forgotten their password. Somehow, this allowed the hackers to reset the backup security questions and answers, resulting in the hackers gaining access to the account and related information.
The email sent by the hackers demanded a ransom of $1 million in equivalent XRP tokens before a now passed deadline. It is not clear at this time if the hackers followed through with their threats to leak information, however, the banks are not budging. The Bank of Montreal responded to inquiries, explaining that their “practice is not to make payments to fraudsters,” and is instead focusing “on protecting and helping our customers.” Simplii continues to “work with cybersecurity experts, law enforcement and others to protect our Simplii clients' data and interests.”
To show they [hackers] were serious about the data they stole, the thieves shared personal info on a customer from each bank to prove the severity of their claims.