David George-Cosh

Reporter

Follow|Archive

The Bank of Nova Scotia is working to remove internal computer code reportedly containing sensitive login credentials for some online services that was inadvertently uploaded to an open-source repository.

The Register, a U.K.-based technology website, reported on Wednesday that a Canadian IT worker discovered the uploaded source code on Github, a website that hosts programming code that is freely available for other programmers to access.

The code contained information related to the bank's backend systems as well as code related to Scotiabank’s mobile apps for its Central American and South American customers, the website said.

“The information that was posted on an online data repository does not contain information that would put our customers, employees and partners at risk. Our technical teams are working to remove the information,” said Doug Johnson, a spokesperson from Scotiabank, in an email to BNN Bloomberg.

Colin Palmer, a spokesperson with the Office of the Superintendent of Financial Institutions, said that the government agency is in contact with Scotiabank as part of its ongoing supervisory activities.

“When situations such as this arise, we are informed, will monitor the situation closely and ask for any clarifications if required,” Palmer said in an email. Palmer declined to provide further details, citing confidentiality in its dealings with federally regulated financial institutions.

Canadian financial institutions have frequently faced data breaches in the past, most recently in July when hackers accessed the personal information of six million Capital One Financial customers. Last year, the Bank of Montreal and the Canadian Imperial Bank of Commerce’s Simplii Financial, confirmed hackers stole the personal and financial data of thousands of customers.