Clients of Desjardins Securities (Desjardins Securities) and holders of insurance products recently received a letter from Desjardins Group telling them that their personal information had perhaps been consulted by the former employee responsible for one of the most major data breaches in Quebec.
• Read also: COVID-19: Desjardins’ surpluses tumble
• Read also: Personal data: increasing numbers of leaks
Last December, after continuing its analyzes, the Lévis financial institution claims to have identified 10,000 additional people who come from various subsidiaries of the group, such as Desjardins Securities, whose personal information may have been exposed.
Desjardins ensures that his ex-employee did not have access to any database of its subsidiaries. Management replied that these were exceptional cases.
No less than 10,000 people
As in the past, the sensitive data that could be consulted are names, first names, addresses, dates of birth, social insurance numbers, as well as members’ products with the institution.
“Nothing indicates to us that the personal information of these 10,000 customers was transmitted to third parties by the malicious ex-employee”, notes in an email the spokesperson Chantal Corbeil.
The latter explains that some of Desjardins Securities’ affected clients had other business relationships with Desjardins. They have already, for example, submitted a request for a product at the checkout without having acquired it. It is for this reason that their data was exposed, and “not because of their connection with VMD”.
Other customers received a letter, “because they have, or have had life insurance products sold by cash, and not by subsidiaries”, continues Mr.me Corbeil. Their information then remained in the bank database and was accessible to the ex-employee at fault.
Newly affected people have access to Desjardins protection, which includes the Equifax monitoring package. In fact, all clients, including those of subsidiaries, have had this protection since December 2019.
More than 8 million members protected
To refresh my memory, last December, Desjardins revealed that the ex-employee had also had access to the personal information of credit card holders or financing at points of sale.
More than eight million clients now have Desjardins protection. The personal information of 4.2 million members was reportedly transmitted outside the organization.
Desjardins reiterates in an email that its division on the United States side, Desjardins Bank, is not affected by the data leak, because it is an independent entity.