Cyber Incident Victim: Bank of Montreal
Date:
May 2018
Location:
Canada
Summary
The Bank of Montreal experienced a cyber attack compromising personal information of customers, with hackers allegedly gaining access to data from over 50,000 accounts and attempting to extort the financial institution. While the breach's scope included potential third-party data sources linked to accounts closed years prior, the bank initiated contact with affected individuals and urged all customers to monitor for suspicious transactions. The incident resulted in a minor temporary decline in stock value, reflecting broader market sensitivity to cybersecurity events. Authorities collaborated in the investigation, though claims of additional compromised data from another financial institution remained unverified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 28, 2018, Bank of Montreal (BMO), Canada’s fourth-largest financial institution, publicly disclosed a cyber attack compromising personal information of an unspecified number of customers. Hackers obtained the data and attempted to extort the bank, though the exact nature of their demands or communication methods was not detailed in the bank’s statement. BMO indicated the attackers potentially acquired customer information from third-party sources operating outside Canada, suggesting the breach might not have originated from direct infiltration of BMO’s own systems. The bank speculated the exposed data could relate to accounts closed in 2015, though it did not clarify whether this pertained exclusively to historical records or involved more recent information. Cybersecurity Insiders reported claims that data from approximately 50,000 BMO customer accounts—out of its total 8 million Canadian clients—had been compromised, alongside unverified assertions that 40,000 Canadian Imperial Bank of Commerce (CIBC) customer accounts were also affected. BMO did not confirm these figures or the CIBC connection in its official communications.
The bank initiated contact with affected customers following the breach, advising all clients to monitor account activity for suspicious transactions over the subsequent 6 to 12 months. BMO collaborated with unspecified relevant authorities to investigate the incident but did not disclose technical details regarding attack vectors, data exfiltration methods, or specific types of compromised personal information. Financial markets reacted to the disclosure with BMO shares declining 0.4% by 10:50 am EDT on the announcement date, reflecting immediate investor concern. No operational disruptions to banking services were reported, indicating the attack primarily targeted data rather than system availability. The investigation remained ongoing at the time of reporting, with no further public updates on attribution, total confirmed impacted individuals, or final resolution of the extortion attempt.