Employee data breach exposed info of 2.9M members: Desjardins

Desjardins Group says the personal information of more than 2.9-million of its members has been shared with individuals outside of the organization.

The Quebec-based financial institution says the breach affects 2.7 million individual members and 173,000 business members.

It says the situation is the result of unauthorized and illegal use of its internal data by an employee who has since been fired.

Personal members may have had several pieces of personal information released including their name, date of birth, social insurance number, address, phone number, email address and details about their banking habits.

Business members had information such as their business name, addresses, telephone numbers and owner names and AccesD Affaires account users exposed.

The company says passwords, security questions and personal identification numbers were not compromised.

Desjardins noted the incident was not the result of a cyberattack and that its computer systems were not breached.

“We understand that this is a worrying situation. We sincerely regret the inconvenience it has caused,” the company said in a statement. “Your assets and accounts at Desjardins are protected – you won’t suffer a financial loss if unauthorized transactions are made in your Desjardins accounts as a result of this situation.”

Desjardins says it was working with police and has implemented additional security measures.

As a precaution, it says it is also offering to pay for a credit monitoring plan and identity theft insurance for 12 months for affected members.

Files from The Canadian Press were used in this report