Desjardins suffers data breach affecting 2.9 million members after inside job

One of Canada’s leading financial groups has suffered a massive data breach that affects millions of members.

Desjardins issued a statement today saying that they were contacted by police in Laval, Que. with information confirming that the personal information of more than 2.9 million members had been shared with individuals outside of the organization.

The company said that includes 2.7 million individual members and 173,000 business members.

In the statement, they explain that the breach was not a cyber attack. It was the result of “unauthorized and illegal use of our internal data by an employee.”

Desjardins has confirmed that the employee who was allegedly behind the breach has been fired.

Personal information that was affected included the first and last names of members, their date of birth, social insurance number, address, phone number, email address and details about banking habits and Desjardins products.

Passwords, security questions, and personal identification numbers were not compromised.

Desjardins says they are working with the Laval police and is working with experts to implement additional security measures.

"I'd like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud. If they suffer a financial loss as a result of this situation, they will get their money back. We regret this situation and are making every effort to ensure that it doesn't happen again," said Guy Cormier, President and CEO of Desjardins Group.

Affected members will receive a letter and, as a precaution, Desjardins will also offer affected members a credit monitoring plan and identity theft insurance for 12 months, paid for by Desjardins. For more information, click here.

Desjardins Group is the leading cooperative financial group in Canada and the fifth largest in the world, with assets of $304 billion. It has been rated one of Canada's Top 100 Employers by Mediacorp.