Canada’s Largest Credit Union Desjardins Suffers Data Leak Exposing Information of Over 2.9 Million Customers

• The data leak has impacted almost 2.7 million home users and 173,000 business customers.
• The financial institution has fired the ill-intentional employee who was responsible for the data leak.

What is the issue?

Desjardins, one of the world’s largest banks suffered a security breach after an ill-intentioned employee stole the data of 2.9 million customers and disclosed it to individuals outside Desjardins without authorization.

What was exposed?

The employee has leaked the personal information of almost 2.7 million home users including their full names, dates of birth, addresses, phone numbers, email addresses, social insurance numbers, and the details of banking habits and Desjardins products.

The personal information of almost 173,000 business customers has also been leaked. In the case of business customers, the leaked data includes business name, business address, business phone number, owner's name and names of users on the AccèsD Affaires account.

However, no e-banking passwords, security questions, account PINs, and credit and debit card numbers have been exposed.

The response

Desjardins became aware of the incident from the Laval police on June 14, 2019.

• Upon discovery, Desjardins notified the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, and the Autorité des marchés financiers about the incident.
• The financial institution also fired the ill-intentional employee who was responsible for the data leak.
• It has implemented additional monitoring and security measures to protect its customers’ personal and financial information.
• The credit union is working with security experts to protect its members’ personal information.
• It is also offering free 12-month credit-monitoring services for all impacted members.

“Desjardins has not been the target of a cyberattack. Our computer systems have not been compromised in any way by this incident,” Desjardins said.

“We understand that this is a worrying situation. We sincerely regret the inconvenience it has caused. Your assets and accounts at Desjardins are protected—you won't suffer a financial loss if unauthorized transactions are made in your Desjardins accounts as a result of this situation,” Desjardins added.