North American data breaches aren't limited to the US, as shown by a pair of disclosures on Monday that came from north of the border. Simplii Financial and Bank of Montreal this week each issued separate warnings for breaches affecting the personal data of more than 90,000 customers.
The two breaches seemed linked by a ransom letter that was sent to the Bank of Montreal by the purported hackers, who demanded $1 million in exchange for not having the personal information handed over to "criminals." Sample customer data was attached to the ransom demand, and the individual named verified that the information, including security questions, was accurate.
While it's not unusual for organizations to be notified of a threat by a third party, it's rare for the notification to come from the threat actors themselves, unless (as in this case) a ransom demand is attached.
Both banks have said that they will return any money taken from any of the affected customers.
For more, read here.