Desjardins Group, dubbed as Canada’s largest credit union, announces its company security breach last Thursday, June 20, 2019. The data privacy breach affected 2.9 million members of the said organization. Of these 2.9 million people, 2.7 million are individual members while 173,000 are business members, reports Global News.
Details of the Incident
According to a report by Bloomberg, Laval police notified the institution on June 14, 2019. The privacy data breach resulted from “unauthorized and illegal use” by a former employee.
Based on the findings of ZD Net, the former employee illegally mined information using the company database. Upon learning about the incident with the help of Quebec authorities, Desjardins fired the employee on June 14.
The statement by chief executive Guy Cormier of the corporation reveals the suspect “acted illegally, betraying the confidence of Desjardins.” Upon further investigation, the authorities found out that computer systems remain unaffected by malware or other malicious viruses. As a result, the police determined that the incident is not a cyber attack.
Bloomberg reports that the suspect mined and distributed information from the company members. The compromised data includes names, dates of birth, addresses, and phone numbers. Besides this, other data disclosed includes social insurance numbers, email addresses, and information on banking habits.
However, reports from the Laval police and the press release state passwords, security questions, and PINs remain unaffected.
As a precautionary measure, the bank has offered a 12-month credit monitoring facility for its members. In addition, the financial institution also covers identity theft insurance for affected individuals for 12 months, notes Global News.
After learning upon the incident, Yahoo reports that Desjardins Group immediately notified the Autorité des marchés financiers (AMF). The AMF is responsible for overseeing and governing the financial industry of Quebec.
The press release also divulged the other steps taken by the bank. Besides the AMF, it has also notified the Office of the Privacy Commissioner of Canada and the Commission d’accès à l’information du Québec.
Other actions by the financial institution include “introducing additional monitoring and security measures to protect your personal and financial information.” As of writing, the company is reportedly “taking additional steps to confirm our members’ and clients’ identities.” The Desjardins Group also continues to alert affected members of the bank.
Global News reports that the investigation against the suspect and incident is still ongoing.