Desjardins revises data theft impact numbers, says 4.2 million affected
By The Canadian PressNews Data Security data breach Desjardins privacy breach
MONTREAL — The Desjardins Group data theft is much more widespread than first thought and actually hit 4.2 million members, the banking co-operative’s chief executive said Friday.
Guy Cormier told a news conference the revised number — which represents the entirety of the Levis, Que.-based organization’s membership — were victims.
Desjardins Group initially reported in June that 2.9 million customers had been impacted by the theft — 2.7 million individuals and 173,000 businesses in Ontario and Quebec.
The breach involved personal information — including social insurance numbers — but did not include banking information or passwords.
Quebec provincial police provided Desjardins with the news on Thursday.
“This is not a new breach, this is the same breach with the same employee who did the same pattern, but the bad news today is that the SQ (provincial police) is sure that it’s for the whole group and all the 4.2 million members,” Cormier said.
On Friday, Desjardins wasn’t in a position to specify if more of its business clients were also affected.
Desjardins offered a subsidized subscription to an Equifax credit monitoring service after the initial announcement of the breach, and Cormier says some 40 per cent of its customers have signed up for it.
Cormier said any members who weren’t contacted at that time will be notified, beginning Nov. 4.
The co-operative said it would offer any clients who had been victims of identity theft access to lawyers and experts and reimburse them for certain expenses incurred as a result.
Cormier said that he hopes the public takes notice of the efforts taken in the past four-and-a-half months.
“I think they saw that Desjardins was really pro active on that side,” Cormier said. “It’s really bad that yesterday we received this information from the SQ (police), but I think compared to June 20, our members can see, and they saw Desjardins was standing up and that’s what I hope they see.”
Cormier noted Friday that since the theft was publicized, there have been no instances of fraud involving members accounts.
In September, Quebec provincial police questioned 17 people of interest and conducted multiple property searches as part of an investigation dubbed “Portier.”
The force said it met 91 witnesses in the Quebec City, Montreal and Laval areas, but didn’t making a formal arrest.
Desjardins has said a single employee — since fired — was allegedly responsible for the breach detected in December 2018.
A police spokesperson said Friday the investigation into the breach was ongoing.
In addition, the Office of the Privacy Commissioner of Canada and Quebec’s access to information commission are also investigating.
— Julien Arsenault
This report by The Canadian Press was first published Nov. 1, 2019.
News from © Canadian Press Enterprises Inc. 2019
Print this page
- SEC poll identifies challenges for security departments
- Ontario First Nation newsroom set on fire in ‘targeted’ attack: publisher