Desjardins now says data breach affected 4.2 million members


Desjardins Group has announced that a massive data breach from earlier this year is much larger in scope than previously believed and has affected 4.2 million of its members.

Guy Cormier, president and chief executive of Desjardins, announced the update Friday following the release of new information in the investigation.

“What we are announcing is not a new leak,” he said. “This is an update on the same breach by the same malicious person.”

In June, the Quebec-based financial institution said the personal information of nearly three million members was shared illegally by an employee. As part of the breach, the employee was reportedly able to leak social insurance numbers and other sensitive information to third parties outside of the organization.

Desjardins specified on Friday that the breach affects banking members in both Quebec and Ontario. It is not yet known if it affects more business members.

Last month, the provincial police force questioned 17 people of interest and conducted multiple property searches as part of an investigation dubbed “Portier.” The force said it met 91 witnesses in the Quebec City, Montreal and Laval areas without making a formal arrest.

Desjardins has said that one employee, who was allegedly responsible for the breach, has been fired.

The massive leak has sparked multiple probes into the incident. Aside from the Quebec provincial police, the Office of the Privacy Commissioner of Canada and Quebec’s access to information commission are also investigating.

The Quebec firm has given all members who do banking with Desjardins in Quebec and Ontario identity protection as of July. It will now extend its Equifax credit monitoring to all of its members.