On the morning of May 28, 2018, CIBC-owned bank Simplii Financial and the Bank of Montreal went public, both revealing that the personal information of thousands of customers had been stolen by hackers. Simplii Financial reported approximately 40,000 customer accounts compromised, while BMO reported 50,000 [1].
It is not known how the data was breached; however, a letter was sent to media outlets across Canada by an individual who claims to have the stolen personal data. The letter threatens to sell the data to “criminals” if the banks do not pay a $1-million ransom by 11:59 pm on May 28th. It has not been made public whether this ransom was paid [2].
A BMO spokesperson, Paul Gammal, commented that BMO is “proactively contacting customers and taking all available means to protect their accounts, including blocking online and mobile access to accounts that may have been impacted, personally calling each impacted customer, as well as offering them free credit monitoring” [3]. However, customers of BMO and Simplii are still experiencing long wait times on refunds for the fraudulent transactions on their credit cards.
Is it enough to be reactive, and not proactive?
With the new Digital Privacy Act coming into effect Nov 1st 2018, Canadian companies are required to disclose to clients when their personal information has been compromised due to a security breach [4]. With cybercrime becoming more advanced and ransomware attacks bound to have more media coverage, a business that is attacked may be damaged beyond repair unless it has significant procedures in place for data protection and business continuity.
For small-to-medium size businesses (SMBs), it is no longer a matter of “if” ransomware will affect your business, but a matter of “when.” Paying the ransom is never the right choice either: 13% of businesses in Canada that paid did not get back the data that was stolen from them. Here are some more concerning statistics:
- SMBs paid $301 MILLION to hackers in the last year.
- Construction/Manufacturing is the top targeted vertical for hackers this year.
- 79% of providers report 1-5 attacks against SMBs, 21% report 6+ attacks.
- 26% of IT pros reported multiple attacks against SMBs in a single day.
- Cryptolocker is still king with 84% of IT pros still battling this giant.
- Less than 1 in 3 incidents of ransomware are reported to authorities.
- 33% of MSPs report ransomware encrypted an SMB’s backup.
- 75% of IT pros say an attack led to business-threatening downtime.
- 4% of IT pros report mobile ransomware attacks in the last year.
- An estimated 5% of global small-to-medium businesses (SMBs) fell victim to ransomware from 2016-2017.
It is more important than ever to have significant procedures in place to protect SMBs from cybercrime. A business that is unaware and unprepared is at extreme risk of an unfulfilling end.