QPP questions 17 people about Desjardins data breach


Seventeen people of interest have been questioned by the Quebec Provincial Police regarding the breach of personal information of 2.9 million Desjardins Group members. The police also say they met with 91 witnesses in Quebec City, Montreal and Laval earlier this week about the data leak of 2.7 million individuals and 173,000 businesses that were Desjardins customers.

According to the report on Toronto Sun, the police also conducted six searches, four residences and two businesses, confiscating computer equipment. The operation involved over 200 police and a dozen civilian members.

The provincial police had announced in June, after the leak, that it was creating an integrated investigation team including police in the Quebec cities of Laval, Montreal, Quebec City and Levis.

Desjardins, a Quebec-based co-operative, and the largest association of credit unions in North America had earlier blamed a single employee for being responsible for the breach of personal information including social insurance number, address and details of banking habits of more than 2.9 million members, which was detected in December 2018, they said the employee had since been fired and as a precautionary measure, the company had offered affected members a credit monitoring plan and identity theft insurance for 12 months.

According to Financial Post, The issue came to light after Quebec’s Laval police contacted the company confirming that personal details of its members had been shared with individuals outside the organization.

The leaked information included names, dates of birth, social insurance numbers, addresses and phone numbers of about 2.7 million individual members, released to people outside the organization. Desjardins had however stressed that passwords, security questions and personal identification numbers hadn’t been compromised. About 173,000 business customers had also been affected.

Desjardins had handled the matter very seriously as had been expected, and even Quebec’s Autorité des marchés financiers, quoted in the Montreal Gazette, expressed confidence that Desjardins officials had “handled the situation with due rigour, transparency and speed and that the cooperation provided to law enforcement is full and complete.”

Since the breach, the company said it has effected further security measures to protect personal information, accounts and assets. The company has also employed specialists and is working side-by-side with the Laval police.

The incident "highlights the omnipresent risks to information security that all organizations must now contend with," the company said in a statement.

“I’d like to reassure our members and clients: their accounts and assets with Desjardins are protected in the event of fraud,” chief executive officer Guy Cormier had said in the statement. “If they suffer a financial loss as a result of this situation, they will get their money back. We regret this situation and are making every effort to ensure that it doesn’t happen again.”

The issue of cyber-attacks appears to be getting more persistent in Canada, giving law enforcement officers a cause for concern. Last year, Bank of Montreal and Canadian Imperial Bank of Commerce said that cyber attackers may have stolen data of nearly 90,000 customers.