Desjardins privacy breach affects 4.2-million banking customers

Visibility360, PDF version to share

By The IJ Staff | Nov. 1, 2019, 1:44 p.m.

DESJARDINS | Cyberrisks

The Sûreté du Québec (SQ) informed Desjardins Group this week that a privacy breach involving the company’s banking customers, has likely affected the data of 4.2 million members who do their banking with Desjardins in Quebec and Ontario.When initially announced in June, the breach was said to have affected 2.9 million members.

At a news conference this morning Desjardins said it would now make those affected by the breach eligible for five years of credit monitoring by Equifax, paid for by Desjardins.

“Desjardins would like to emphasize that from July onward, all caisse members who do their banking with Desjardins in Quebec and Ontario have been protected by Desjardins identity protection, provided at no cost. No registration is required,” the company said in a statement released Friday. “Desjardins is now extending the Equifax credit monitoring service to all caisse members.”

The company said it will begin sending activation codes to members next week. Those who received a letter initially after the announcement in June will not be contacted a second time.

Identity protection program

The company’s existing identity protection program will reportedly protect members against unauthorized transactions, provide personal support if the caisse member’s personal information is used for fraudulent purposes, and may reimburse members for certain expenses, up to $50,000, if any are incurred while restoring their identity.

The company says there has been no spike in fraud cases since the privacy breach was first announced. According to the SQ there is still only one suspect, who worked at Desjardins, who is linked to the privacy breach.

Quebec’s regulator, the Autorité des marchés financiers (AMF) weighed in shortly after the announcement was made, calling the breach “a very serious situation.”

Keeping watch

“The AMF has kept a careful watch on this from the outset,” they said in a statement released Friday morning. “The AMF is staying in close contact with Desjardins in order to obtain all the necessary information regarding this new development.”

“In light of the circumstances of the past several hours, the AMF also wishes to remind Desjardins members again that they should exercise caution as they may receive fraudulent e-mail messages (junk mail), text messages and phone calls,” they add. “Scam artists may be tempted to contact them in order to steal personal information. Do not reply to such requests and do not click on any links that may be sent to you unsolicited. If in doubt, contact your financial institution.”