Desjardins Group has revealed that it has been hit by a data breach which could have impacted more than 2.9 million members.
The firm had explained that a former employee had shared personal information with individuals outside the organisation. The leaked information included 2.7 million individual members and 173,000 business members.
“This situation is the outcome of unauthorized and illegal use of our internal data by an employee who has since been fired.”
Desjardins stated that personal information including the names of the individuals, addresses, birth dates, social insurance numbers, email addresses and transaction information may have been affected. However the firm stressed that passwords, security questions and personal identification numbers were not compromised.
Desjardins computer systems have not been breached as the incident was not due to a cyber attack – but as a result of an illegal act committed by a former employee.
Among the affected data was information about business members including business names, addresses, telephone numbers, and the names of owners and AccèsD Affaires account users. All members affected will be sent a letter informing them of the situation.
Desjardins have hired experts and are working closely with the Laval police to get to the bottom of the incident. Additional security measures have also been implemented in order to protect its members and client’s personal information, assets and accounts.
Guy Cormier, President and CEO of Desjardins Group said:
“I’d like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud. If they suffer a financial loss as a result of this situation, they will get their money back. We regret this situation and are making every effort to ensure that it doesn’t happen again.”
Desjardins will be offering affected members a credit monitoring plan and identity theft insurance for 12 months, paid for by Desjardins.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.