Simplii Financial
Company Details
Linkedin ID:
banksimplii
Website:
Employees number:
322
Number of followers:
6,632
NAICS:
52211
Industry Type:
Homepage:
simplii.com
IP Addresses:
0
Company ID:
SIM_1127633
Scan Status:
In-progress
Simplii Financial Company CyberSecurity Posture
simplii.com
Welcome to the Bank of Now. Simplii Financial is for those who live in the moment, with no-fee daily banking and tools that suit your life today. Ready? Set. #StartYourEngines
Simplii Financial A.I CyberSecurity Scoring
Simplii Financial Risk Score (AI oriented)Between 700 and 749
Simplii Financial
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Simplii Financial Global Score (TPRM)XXXX
Simplii Financial
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Simplii Financial Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Simplii Financial
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The Canadian bank Simplii issued a warning, claiming that hackers may have gained access to the personal data of tens of 1000 of their clients. It was discovered that over 40,000 bank clients' personal and account information had been compromised by hackers. Financial information, dates of birth, and social insurance numbers are purportedly among the exposed data. Although Simplii has not yet verified the data breach, it has notified clients that it is looking into the matter and has immediately strengthened its online banking and fraud monitoring systems.
CIBC
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CIBC have been targeted by hackers. The personal information of tens of thousands of customers may have been stolen. They were demanding a $1-million ransom from the bank. Hackers had accessed the personal and account information of more than 40,000 of the bank's customers.
Simplii Financial Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Simplii Financial
Incidents vs Banking Industry Average (This Year)
No incidents recorded for Simplii Financial in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Simplii Financial in 2025.
Incident Types Simplii Financial vs Banking Industry Avg (This Year)
No incidents recorded for Simplii Financial in 2025.
Incident History — Simplii Financial (X = Date, Y = Severity)
Simplii Financial cyber incidents detection timeline including parent company and subsidiaries
Simplii Financial Company Subsidiaries
Welcome to the Bank of Now. Simplii Financial is for those who live in the moment, with no-fee daily banking and tools that suit your life today. Ready? Set. #StartYourEngines
Loading...
Simplii Financial Similar Companies
Societe Generale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth. Committed to the positive transformations of the world’s soc
SEB is a leading northern European financial services group with a strong belief that entrepreneurial minds and innovative companies are key in creating a better world. SEB takes a long-term perspective and supports its customers in good times and bad. In Sweden and the Baltic countries, SEB offe
Bancolombia
Somos un grupo financiero latinoamericano que apoya los sueños de las personas y busca establecer con ellas relaciones duraderas, basadas en la confianza, la cercanía, el respeto, la inclusión y la calidez. Escuchar, pensar en el otro y ser sensible a sus necesidades, nos ha llevado hacia una man
Banco de Crédito BCP
Somos el banco peruano que desde hace más de 130 años viene liderando el sistema financiero a nivel nacional. A lo largo de todo este tiempo hemos contribuido con el desarrollo económico de nuestro país, transformando planes en realidad. Todo esto es posible gracias al equipo de profesionales de p
BBVA
At BBVA we are leading the transformation of banking worldwide, united in pursuing our goal of bringing the age of opportunity to everyone. Firmly focused on the future, our on-going digital transformation is already producing disruptive innovations that power our vision of banking. Every one of o
ICICI Bank is one of India’s leading private sector banks, offering a wide range of banking products and services to corporate, Small and Medium Enterprises (SME) and individual customers across the country. The Bank offers multi-channel touch points including branches, ATMs, mobile banking, interne
Banco Bci
Porque el mundo que nos rodea se actualiza constantemente, porque tu decides hacer tu vida más simple: para entretenerte, para compartir con tu familia o para moverte por la ciudad. En Bci evolucionamos junto a ti, en este mundo donde todo se transforma una y otra vez, con soluciones que harán tu vi
AU SMALL FINANCE BANK
The dream started two decades ago by Mr. Sanjay Agarwal, a merit holder Chartered Accountant and a first generation entrepreneur, along with his proficient team. Together, the dexterous team embarked on a journey of excellence while enriching lives along the way. What started off as a dream to be
Türkiye İş Bankası
In the nearly 100 years since its founding by the Great Leader Mustafa Kemal Atatürk on August 26, 1924, İşbank has undertaken various roles and made significant contributions to the development of our country in many fields, especially in industry and trade. İşbank offers products and services to
.png)
Simplii Financial CyberSecurity News
June 22, 2025 06:43 PM
How Canada’s largest banks manage cyber risk
TORONTO – Hackers are targeting Toronto-Dominion Bank's internal systems at all hours using cutting-edge techniques, but the bank's head of cybersecurity...
April 08, 2025 07:00 AM
This man lost his life savings to identity fraud. He doesn't know how it happened
When Rick Hall discovered most of his life savings had been drained from his bank account, he suspected he had been hacked.
March 26, 2025 04:10 AM
BMO and CIBC’s Simplii warn fraudsters may have accessed data of 40,000 clients
Two of Canada's biggest banks are warning that “fraudsters” may have accessed certain personal and financial information from some customers.
December 12, 2023 05:56 AM
Why banks are hiring hackers
The big banks are fortifying their defences as the frequency and sophistication of cyberthreats increases.
October 13, 2020 06:25 AM
Simplii Financial and BMO Warn of Data Breach; Customers Report Money Lost
If you bank with BMO or CIBC's Simplii Financial, your account may have been compromised. On Monday, both banks started to alert clients that “fraudsters”…
October 21, 2019 07:00 AM
Banks deny compensation when hackers steal customers' money
A Vancouver-area man is speaking out after hackers broke into his bank account, stole $5000 and Scotiabank refused to reimburse him.
May 13, 2019 07:00 AM
RBC customer out of pocket after fraud: What you need to know if you e-transfer money
A Peterborough, Ont., woman says financial institutions and Interac are misleading customers by claiming e-transfers are "fully protected"...
January 07, 2019 08:00 AM
BMO launching new financial-crimes unit to combat fraud and cyberthreats
The announcements comes eight months after bank suffered data breach affecting up to 50000 customers.
August 30, 2018 07:00 AM
BMO customer hit by data breach unhappy with bank's lack of answers
John Zinck is having a hard time getting a consistent answer from BMO about when his account was breached and how.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Simplii Financial CyberSecurity History Information
Official Website of Simplii Financial
The official website of Simplii Financial is https://www.simplii.com.
Simplii Financial’s AI-Generated Cybersecurity Score
According to Rankiteo, Simplii Financial’s AI-generated cybersecurity score is 739, reflecting their Moderate security posture.
How many security badges does Simplii Financial’ have ?
According to Rankiteo, Simplii Financial currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Simplii Financial have SOC 2 Type 1 certification ?
According to Rankiteo, Simplii Financial is not certified under SOC 2 Type 1.
Does Simplii Financial have SOC 2 Type 2 certification ?
According to Rankiteo, Simplii Financial does not hold a SOC 2 Type 2 certification.
Does Simplii Financial comply with GDPR ?
According to Rankiteo, Simplii Financial is not listed as GDPR compliant.
Does Simplii Financial have PCI DSS certification ?
According to Rankiteo, Simplii Financial does not currently maintain PCI DSS compliance.
Does Simplii Financial comply with HIPAA ?
According to Rankiteo, Simplii Financial is not compliant with HIPAA regulations.
Does Simplii Financial have ISO 27001 certification ?
According to Rankiteo,Simplii Financial is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Simplii Financial
Simplii Financial operates primarily in the Banking industry.
Number of Employees at Simplii Financial
Simplii Financial employs approximately 322 people worldwide.
Subsidiaries Owned by Simplii Financial
Simplii Financial presently has no subsidiaries across any sectors.
Simplii Financial’s LinkedIn Followers
Simplii Financial’s official LinkedIn profile has approximately 6,632 followers.
NAICS Classification of Simplii Financial
Simplii Financial is classified under the NAICS code 52211, which corresponds to Commercial Banking.
Simplii Financial’s Presence on Crunchbase
No, Simplii Financial does not have a profile on Crunchbase.
Simplii Financial’s Presence on LinkedIn
Yes, Simplii Financial maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/banksimplii.
Cybersecurity Incidents Involving Simplii Financial
As of November 27, 2025, Rankiteo reports that Simplii Financial has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Simplii Financial has an estimated 6,716 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Simplii Financial ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Data Leak.
How does Simplii Financial detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with strengthened online banking and fraud monitoring systems, and communication strategy with notified clients about the investigation..
Incident Details
Can you provide details on each incident ?
Title: CIBC Data Breach and Ransom Demand
Description: CIBC has been targeted by hackers who accessed the personal and account information of more than 40,000 customers. The hackers demanded a $1-million ransom from the bank.
Type: Data Breach, Ransomware
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach, Ransomware CIB2331281022
Data Compromised: Personal information, Account information
Incident : Data Breach SIM1627311223
Data Compromised: Financial information, Dates of birth, Social insurance numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Account Information, , Financial Information, Dates Of Birth, Social Insurance Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach, Ransomware CIB2331281022
Entity Name: CIBC
Entity Type: Bank
Industry: Financial Services
Customers Affected: 40000
Incident : Data Breach SIM1627311223
Entity Name: Simplii
Entity Type: Bank
Industry: Financial Services
Location: Canada
Customers Affected: 40,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach SIM1627311223
Containment Measures: Strengthened online banking and fraud monitoring systems
Communication Strategy: Notified clients about the investigation
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach, Ransomware CIB2331281022
Type of Data Compromised: Personal information, Account information
Number of Records Exposed: 40000
Incident : Data Breach SIM1627311223
Type of Data Compromised: Financial information, Dates of birth, Social insurance numbers
Number of Records Exposed: 40,000
Sensitivity of Data: High
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by strengthened online banking and fraud monitoring systems and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach, Ransomware CIB2331281022
Ransom Demanded: 1000000
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach SIM1627311223
Investigation Status: Investigation in progress
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified Clients About The Investigation.
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was 1000000.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hackers.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Account Information, , Financial information, Dates of birth, Social insurance numbers and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Strengthened online banking and fraud monitoring systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Financial information, Personal Information, Account Information, Social insurance numbers and Dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 40.4K.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was 1000000.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigation in progress.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=banksimplii' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
