This process is in place for the protection of our clients and is a commonly used practice. In part, RBC is performing this scanning to prevent the risk of credential stuffing, which is a type of cyberattack that uses stolen credentials (such as passwords and email addresses) to try to gain unauthorized access to user accounts.
RBC uses a third party service to securely scan for whether your password is included in a list of breached credentials. If there is a match between a known breached username/password combination and the credentials you’re using to log into Wealth Management Online, our service alerts us.
No. RBC and our third party service do not store client passwords. Our service receives only a partial hash of your user ID and password, which means that not only is this information masked, the original data cannot be recovered.
Unfortunately, we have no way of knowing this. RBC does not have this information, nor does our third party service. What’s important to emphasize is that just because your credentials were identified as potentially compromised, it does not mean that any of your accounts have been adversely impacted. However, if you use the same password on other websites that you use for RBC Wealth Management Online, we strongly encourage you to change those passwords (and do not use the same password for each one).
No, we have no reason to believe this compromise was the result of RBC data being breached. RBC has internal mechanisms in place to identify breaches of its own website. If RBC were to experience a data breach, we have other regulatory requirements and methods for informing our clients.
Please see cybersecurity at RBC Wealth Management for more information around what RBC does to protect your data.
You are strongly encouraged to change your passwords on other websites if they were the same one you use to log into RBC Wealth Management Online. You may also want to consider enabling two-step authentication every time you log in to our website. Other recommended actions are available in our client fact sheet.
Investment and insurance products offered through RBC Wealth Management are not insured by the FDIC or any other federal government agency, are not deposits or other obligations of, or guaranteed by, a bank or any bank affiliate, and are subject to investment risks, including possible loss of the principal amount invested.
RBC Wealth Management, a division of RBC Capital Markets, LLC, registered investment adviser and Member NYSE/FINRA/SIPC.