Data leak at Desjardins Group discloses personal info of 2.9m members
The investigation has traced the leak to a single source: an ill-intentioned employee who acted illegally.
Canadian financial services provider Desjardins Group today posted an announcement informing its members of a data leak.
A Laval police investigation has revealed that the personal information of 2.9 million Desjardins’ members (2.7 million personal members and 173,000 business members) was disclosed to individuals outside Desjardins without authorization.
The investigation has determined that the source of the leak is an ill-intentioned employee who acted illegally. That person was fired.
The company explains that it has implemented additional security measures to ensure all its members’ personal and financial data remains protected.
AccèsD passwords (for both personal and business accounts), security questions and PINs were not compromised as a result of the leak. Desjardins insists that it has not been the target of a cyberattack. Its computer systems have not been compromised in any way by this incident.
The company says that its members’ assets and accounts at Desjardins are protected and that they will not suffer a financial loss if unauthorized transactions are made in their Desjardins accounts as a result of this situation.
All impacted members will receive a letter from Desjardins informing them of the situation and of what needs to be done.
Quebec’s Financial Markets Authority (AMF) today commented on the situation at Desjardins. The regulator says that this a very serious situation, which it is monitoring closely.
The AMF was informed of the situation shortly after it was discovered by Desjardins Group. The AMF is satisfied with the actions taken to date by Desjardins Group to protect the interests and assets of its members. It remains confident that the institution’s officers have handled the situation with due rigour, transparency and speed and that the cooperation provided to law enforcement is full and complete.
The major incident that happened to Desjardins Group today highlights the omnipresent risks to information security that all organizations must now contend with, the AMF notes.