Desjardins has confirmed that the personal data of more than 2.9 million of its members has been leaked to people outside of the organization.
An employee leaked the data as a result of illegal mishandling and use of the information. The information leaked includes names, addresses, social insurance numbers, birth dates, email addresses and information about users’ transaction habits.
Desjardins confirmed that it has not been the target of a cyberattack, and that it has not seen a spike in fraud cases in its members accounts.
The company stated that passwords for business and personal accounts have not been compromised. It also said that security questions and PINs have not been impacted.
Desjardins confirmed that the data breach impacts 2.7 million individual members and 173,000 business members.
The company confirms that the employee has been fired for the unauthorized and illegal use of the internal information.
Desjardins says that is is carefully monitoring the activity in its members’ accounts and is taking extra steps to confirm its members’ identities. The company has issued letters to members who have been impacted by the breach.
Members who have been impacted the breach are being offered a 12-month credit monitoring plan paid for by Desjardins.
Desjardins is currently working with police regarding the breach, and reassures members that it is communicating with every member that was impacted by the breach.