Canadian lender Desjardins Group revealed that it has been the victim of a data breach that could impact more than 2.9 million members.
The firm was contacted by law enforcement on June 14 with information confirming that the personal information of more than 2.9 million members had been shared with individuals outside the organization. The leaked information includes 2.7 million individual members and 173,000 business members.
Desjardins, the largest association of credit unions in North America, explained that the breach is the result of unauthorized and illegal use of the company’s data by an employee who has since been fired. As a result, additional security measures were put in place on all accounts, and Desjardins will be sending a letter to all affected by the incident. And as a precaution, Desjardins will also offer affected members a free credit monitoring plan and identity theft insurance for 12 months.
The compromised data includes first and last name, date of birth, social insurance number, address, phone number, email address and details about customer banking habits and Desjardins products. Passwords, security questions, and PINs were not compromised. Desjardins pointed out that the incident was not a cyberattack, and its computer systems were in no way breached during this incident.
The bank’s investigations also showed that information about business members was among the affected data, including identifying information such as business names, addresses, telephone numbers, and the names of owners and AccèsD Affaires account users.