Scotiabank employees leaked customer data. The bank is contacting affected users for security breach

Bank fraud remains one of the most dangerous cybercriminal activities. Vulnerability assessment specialists report that Scotiabank has been notifying its users in Canada of a fraud risk, after detecting that one of its employees accessed an undisclosed number of accounts for no apparent reason. The accused individual has already been prosecuted by the competent authorities, the banking institution states.

Some users on Reddit began spreading rumors about a potential data breach affecting Scotiabank users last Monday night, mentioning that the bank would have started contacting some users to notify them that their information had been compromised.

In a statement sent to all potentially affected users, Scotiabank mentioned: “The security of our customers and their information is one of our priorities; we take this matter very seriously. Affected customers will be informed about each new update in the process, as we are also cooperating with the authorities in the investigation.”

For the time being, the bank has reserved details such as the number of users affected or the type of information that the employee involved may have accessed, as vulnerability assessment specialists mentioned.

Tory Zenkewich, a nurse based in Edmonton, claims to be one of the users affected by the data breach. According to his statements, a bank agent phoned him last Monday to inform him of the incident, which would involve data such as his date of birth, address, telephone number and social security number.

“I recently applied to Scotiabank for a loan to buy a car and now all my personal information has been compromised; I’ve even taken a few days out of work to deal with this data breach issue,” Zenkewich says.

As a security measure, Scotiabank has offered its users a free service to protect against bank fraud. The bank will help those affected with access to the fraud control platform for 3 years. Users are prompted to call Equifax and Transunion to set up their fraud alerts.

This is not the first time the bank is experiencing a data incident. A few months ago, vulnerability assessment experts mentioned that Scotiabank mistakenly leaked some of its internal code, as well as login credentials for its back-end systems, which led to the exposure of this data to GitHub repositories.

Bank security teams began deleting repositories that stored sensitive information, which were available to any user. The information provided included software blueprints, access keys to exchange rate systems, mobile application banking codes, and database login credentials.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.