Quebec-based financial institution, Desjardins, has announced a data leak affecting over 2.9 million members.
According to a Desjardins press release, Laval police approached the financial institution last week of the data leak, informing them personal data from 2.7 million individual members and 173,000 business members were leaked through “unauthorized and illegal use of our internal data by an employee who has since been fired.”
As for personal info leaked, Desjardins the following info may have been shared:
- first and last name
- date of birth
- social insurance number
- phone number
- email address
- details about your banking habits and Desjardins products
Desjardins says “passwords, security questions, and PINs (personal identification numbers) were not compromised. This incident was not a cyberattack. Desjardins computer systems were in no way breached during this incident, which was the result of illegal acts committed by the above-mentioned former employee.”
Business members affected may have seen their “business names, addresses, telephone numbers, and the names of owners and AccèsD Affaires account users,” leaked to third parties.
Desjardins says it will contact members affected by the leak and has “hired experts” plus is working with Laval police regarding the situation.
“I’d like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud. If they suffer a financial loss as a result of this situation, they will get their money back. We regret this situation and are making every effort to ensure that it doesn’t happen again,” said Guy Cormier, President and CEO of Desjardins Group, in a statement.
Desjardins says it will offer a free “credit monitoring plan and identity theft insurance for 12 months,” with members soon to be contacted with a redemption code to activate these services.