RBC Wealth Management Online password compromise FAQ

What does this message mean/why is RBC scanning for this data?

This process is in place for the protection of our clients and is a commonly used practice. In part, RBC is performing this scanning to prevent the risk of credential stuffing, which is a type of cyberattack that uses stolen credentials (such as passwords and email addresses) to try to gain unauthorized access to user accounts.

How did you determine that my password was compromised?

RBC uses a third party service to securely scan for whether your password is included in a list of breached credentials. If there is a match between a known breached username/password combination and the credentials you’re using to log into Wealth Management Online, our service alerts us.

Does RBC or the third party service know my password?

No. RBC and our third party service do not store client passwords. Our service receives only a partial hash of your user ID and password, which means that not only is this information masked, the original data cannot be recovered.

How/Where/When did the compromise occur?

Unfortunately, we have no way of knowing this. RBC does not have this information, nor does our third party service. What’s important to emphasize is that just because your credentials were identified as potentially compromised, it does not mean that any of your accounts have been adversely impacted. However, if you use the same password on other websites that you use for RBC Wealth Management Online, we strongly encourage you to change those passwords (and do not use the same password for each one).

Was RBC data compromised in any way? Is my RBC account at risk?

No, we have no reason to believe this compromise was the result of RBC data being breached. RBC has internal mechanisms in place to identify breaches of its own website. If RBC were to experience a data breach, we have other regulatory requirements and methods for informing our clients.

What does RBC do to protect my data?

Please see cybersecurity at RBC Wealth Management for more information around what RBC does to protect your data.

What other actions should I take?

You are strongly encouraged to change your passwords on other websites if they were the same one you use to log into RBC Wealth Management Online. You may also want to consider enabling two-step authentication every time you log in to our website. Other recommended actions are available in our client fact sheet(Open PDF file).

Investment and insurance products offered through RBC Wealth Management are not insured by the FDIC or any other federal government agency, are not deposits or other obligations of, or guaranteed by, a bank or any bank affiliate, and are subject to investment risks, including possible loss of the principal amount invested.