What is the issue?
Desjardins, one of the world’s largest banks suffered a security breach after an ill-intentioned employee stole the data of 2.9 million customers and disclosed it to individuals outside Desjardins without authorization.
What was exposed?
The employee has leaked the personal information of almost 2.7 million home users including their full names, dates of birth, addresses, phone numbers, email addresses, social insurance numbers, and the details of banking habits and Desjardins products.
The personal information of almost 173,000 business customers has also been leaked. In the case of business customers, the leaked data includes business name, business address, business phone number, owner's name and names of users on the AccèsD Affaires account.
However, no e-banking passwords, security questions, account PINs, and credit and debit card numbers have been exposed.
Desjardins became aware of the incident from the Laval police on June 14, 2019.
“Desjardins has not been the target of a cyberattack. Our computer systems have not been compromised in any way by this incident,” Desjardins said.
“We understand that this is a worrying situation. We sincerely regret the inconvenience it has caused. Your assets and accounts at Desjardins are protected—you won't suffer a financial loss if unauthorized transactions are made in your Desjardins accounts as a result of this situation,” Desjardins added.