Has anyone here been affected by Simplii security breach/has their account hacked?

[JDI007]

Simplii Fiancial and BMO 90,000 accounts hacked!
Simplii: "On Sunday(27) we received a claim that fraudsters electronically accessed certain personal and account information for some of our clients. While this issue affects a limited number of individuals(40,000 people is NOT limited number!!!), we are providing an update to all Simplii clients.We are reaching out to those that have been affected to offer support. Simplii is extending free credit monitoring to impacted clients and we are committed to returning 100% of any money lost from affected accounts as a result of this issue. We are also replacing affected clients’ bank cards and taking additional steps to monitor and protect our clients. We have a dedicated team that is working to make this right for our clients."

Of course...I am one of the 40,000 affected..Is anyone else?
I'm wondering what you guys are planning to do next? Keep your account with Simplii or change banks(Tangerine perhaps)? Have you received a phone call from Simplii?/ been able to access your online account/ and have you lost your money?I am very disappointed with Simplii...this never should have happened and now someone has all my info....I do not feel ok with that, it cannot be undone, nothing they can do to fix that, this is 100% their fault

I'm thinking of switching to Tangerine. Do you think this is inevitable at all banks?

Just got off the phone with Simplii...to my surprise they didn't even apologize!....thousands of people lost money, hackers now have their personal information and no apology?...not cool.

[walkonby]

geesh! I was unaware that thousands of clients actually lost money.
I think every bank has the same risk, don't see the point in switching over to another....the internet is like Swiss cheese at times....so many holes.

[Shwa Girl]

OP when it happened to Home Depot, they gave everyone the chance of free credit monitoring for 1 year.

[lilo0003]

I am a client so far not impacted but like @walkonby says it's like Swiss cheese. I have accounts other places and none feel safer than the others. We were impacted years ago with our debit card, to the tune of 4000.00 the bank made it right and we got smart so now we can't take more then 100.00 cash out in a day. I now check the accounts at least 4 times a week, including credit cards.

[kerrylj]

Unfortunately the hacking has been getting more aggressive the last few years and it is really hard for companies to put in enough safeguards to prevent the hacks. I know a few weeks ago our storage server where we store files and pictures for hack with a ransom virus because it was not set up with a strong enough password and we lost all the files on it because we can not figure out how to un-encrypt the drive.

Companies have to step up their game and everyone with any kind of internet access needs to make sure they have proper protections from strong passwords to rebooting routers routinely, installing protection software and firewalls and being careful what they open, download and access. Even with all that it is still like russian roulette unfortunately and likely to get worse with time because there is profit in it.

[tjthemanto]

Bank Of Montreal also got affected by the same hackers.

50,000 BMO clients and 40,000 Simplii Clients.

[tjthemanto]

The funny thing is both BMO and Simplii knew this for a month or so and did not bother to tell anyone !

Only when the hackers demanded a ransom and decided to go public with this info, they suddenly said we have been hacked and we don't pay a ransom blah blah...

[lilo0003]

The funny thing is both BMO and Simplii knew this for a month or so and did not bother to tell anyone !

Only when the hackers demanded a ransom and decided to go public with this info, they suddenly said we have been hacked and we don't pay a ransom blah blah...

Wow, I had no idea they sat on this information for so long.

[JDI007]

This is a financial topic, it's a serious matter that affects thousands of people. This thread was moved incorrectly.

[r0c0upons]

Would this have happened if the accounts were still PC? hmm...

[bhlombardy]

I think every bank has the same risk, don't see the point in switching over to another....the internet is like Swiss cheese at times....so many holes.

You're not wrong there, @walkonby. Every network is vulnerable. That's why (with banks anyway) there is the CDIC and other insurance.


It's best to think of hackers to network security as pests are to your home. Even if you THINK you don't have them, you probably do.

Ants and other insects, maybe even mice or even rats get in through the small holes and vulnerabilities in your home. Whether it's the small seams in the wood and siding, the vents in your attic, etc. or maybe they chewed through a screen or soft foam insulation, or gnawed through the actual structure. However they got in, they got in. Once they got in, maybe they just nested in your attic for warmth for the winter. Or maybe they've gone so far as infiltrated your pantry and stolen and/or contaminated your food supply. Or worse, maybe they're actually destroying your property. Whatever the threat they pose, once you detect their presence, you can assess if they've actually done any harm or not... then you can decide how to get rid of them and/or decide if you need to repair or replace any of your soft-goods (ie: food, property, etc) and of course how to prevent future intrusions.


Hackers are very similar. They perform certain attacks on your network security from all kinds of angles to try and get in. If they actually manage to get in, that might be enough satisfaction for them and they really do no harm nor even see or gain access to any crucial data or private information. While others might hammer a bit harder at the internal security to see how far inside they can get. Some might actually pose a threat to your data and have malicious intent.

Regardless the level of threat they pose, once they're detected, it then needs to be assessed what it is they actually gained access to and/or did damage to, and/or compromised, then take measures so that future intrusions can be prevented.

[bhlombardy]

The funny thing is both BMO and Simplii knew this for a month or so and did not bother to tell anyone !Only when the hackers demanded a ransom and decided to go public with this info, they suddenly said we have been hacked and we don't pay a ransom blah blah...

Wow, I had no idea they sat on this information for so long.

Before laying blame on the banks for not going public immediately, one should understand what's at stake and/or what the banks might have been doing during that time regarding the situation. To the outside observer, it might appear as though they they would have perceived a threat and shrugged it off. I assure that is not likely the case. Nor is it a conspiracy to decide to hide it or cover it up. They have processes in place to do actual risk assessments, performing investigations, and ensure their security is sound before blurting out that they've been compromised.


I work in IT in the public sector. As such we are beholden to the public, taxpayers, and citizens. Our network gets bombarded on a constant and regular basis with threats and attempted intrusions to our security measures. Do we go public with every single one? Absolutely not. It's not necessary BECAUSE we have a very tight and secure network protecting the data we hold. The more serious ones and critical attacks/attempts, we evaluate, perform risk assessments and investigations to see if any data was actually compromised, and/or what the threat really is. Then if required, further measures are enacted to prevent the intrusion from being an all-out hack and data destruction. If we went public every time this happened, there would be panic and mass hysteria because people just don't understand what it takes nor what it means to have a "secure" network.


Besides, what good would it to do to inform the public every time someone attempts an attack on your network? What are they going to do about it? Not only that, but going public then sheds a spotlight on the hackers in question giving them the attention and 'fame' they desire... enticing them and others to attempt more harm on a network that is now being publicized as vulnerable before it's had a chance to be patched.


When you're performing ANY type of investigation, be it data security or any other crime for that matter, the less the perpetrators know what YOU are doing to protect yourself and counter them, the better it is for your investigation and said countermeasures. Regardless, once they ARE detected it then needs to be assessed what it is they actually gained access to, and/or compromised, and/or did damage to. Then you need to collect and compile that evidence so they can be apprehended and dealt with, the threat eliminated, and future threats prevented.


If it can be shut down and prevented internally, that is in the best interest for everyone involved. You'd be surprised how many of these threats are actually handled internally and QUIETLY... it's part of the security system they have in place.

When the security system in place is working, then it *IS* working. There's little to no need to be announcing it every time someone taps on the windows... or even gets inside, provided they don't get away with it.


So the fact that the banks were silent about it for several weeks doesnt surprise me in the least and they ought not be faulted for it. Have faith that they are professionals at what they do and that they actually DO take security seriously. They are simply doing what is best and expected in these types of situations.

[Shwa Girl]

Unfortunately the hacking has been getting more aggressive the last few years and it is really hard for companies to put in enough safeguards to prevent the hacks. I know a few weeks ago our storage server where we store files and pictures for hack with a ransom virus because it was not set up with a strong enough password and we lost all the files on it because we can not figure out how to un-encrypt the drive.

Companies have to step up their game and everyone with any kind of internet access needs to make sure they have proper protections from strong passwords to rebooting routers routinely, installing protection software and firewalls and being careful what they open, download and access. Even with all that it is still like russian roulette unfortunately and likely to get worse with time because there is profit in it.

you are correct
even Revenue Canada had to foil hackers in the last few years
plus Equifax was hacked, and that's a LOT of people involved

[Ciel]

Small article in yesterday's Toronto Star made mention of two proposed class action lawsuits:

The proposed class action lawsuits, which have not yet been certified, are seeking general, compensatory, consequential and punitive damages on behalf of affected Simplii Financial and BMO clients.

https://www.thestar.com/business/201...financial.html