Two days after announcing that “fraudsters” may have stolen the data of approximately 40,000 customers, CIBC’s Simplii Financial is offering some safety measures in the wake of its cyber-attack.

The lender posted three tweets Wednesday morning trying to reassure customers that several steps are being taken with a “dedicated team that is working to make this right.” Simplii also reiterated its promise to compensate customers if they lose money as a result of the attack.


Simplii added that it will replace bank cards of affected customers. Meanwhile, customers whose online and mobile banking are blocked can still use ATMs to make transactions, along with accessing cash at the point of sale, Simplii said.

The move comes after the unit of CIBC, Canada’s fifth largest bank, revealed Monday that hackers contacted it on Sunday claiming they had electronically stolen customers’ personal and account information.

Bank of Montreal (BMO), the country’s fourth biggest lender, also said Monday that it had been contacted by fraudsters with a similar claim that affected up to 50,000 customers.

The hackers had threatened to make the data public and the banks said they were working with authorities on the incident.

A spokesperson from the Office of the Privacy Commissioner of Canada confirmed to BNN Bloomberg that both banks had notified the agency of the incident.

“We are working with the organizations to better understand what occurred and what they are doing to mitigate the situation,” said spokesperson Valerie Lawton in an email. “Due to confidentiality provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law, we cannot provide further details at this time.”

BMO also posted a series of tweets Tuesday to inform customers they shut down access to the affected accounts, along with other steps, and were working to determine if there was any “financial impact.”