Two Canadian banks warned customers on Monday morning that the personal and financial information of at least 40,000 clients was accessed by criminals.
The affected banks are Simplii Financial—a recently-created brand owned by banking giant CIBC, and which formerly operated as President’s Choice Financial, a grocery store brand—and the Bank of Montreal (BMO). Simplii Financial reportedly has over two million customers, and BMO has more than 12 million clients across its services.
In a statement, Simplii Financial said that the bank is alerting affected customers after it received a tip on Sunday that “fraudsters” may have “electronically accessed” personal and account information for around 40,000 clients. The Bank of Montreal said in a statement that the “fraudsters” themselves contacted the bank on Sunday to let them know they “were in possession of certain personal and financial information for a limited number of customers.”
Read More: The Motherboard Guide to Not Getting Hacked
“Immediately after learning of the issue we implemented enhanced fraud monitoring and online banking security measures,” Olga Petrycki, a CIBC spokesperson, told me over the phone. “We have shared the information with federal agencies,” Petrycki continued.
Spokespeople for BMO were not immediately available for comment. In a statement, the bank said it is proactively reaching out to affected customers and is working with authorities.
It’s not clear who is responsible for the twin attacks, if there were demands attached to the breach notifications, how the information was accessed, or if they are connected. In its statement, BMO stated that it believes the attack originated outside of Canada.
Get six of our favorite Motherboard stories every day by signing up for our newsletter .