Frédéric Tomesco reports:
More than 2.9 million Desjardins Group members have had their personal information compromised in a data breach targeting Canada’s biggest credit union.
The incident stems from “unauthorized and illegal use of internal data” by an employee who has since been fired, Desjardins said Thursday in a statement. Computer systems were not breached, the cooperative said.
Names, dates of birth, social insurance numbers, addresses and phone numbers of about 2.7 million individual members were released to people outside the organization, Desjardins said. Passwords, security questions and personal identification numbers weren’t compromised, Desjardins stressed. About 173,000 business customers were also affected.
Read more on Montreal Gazette.
The statement from Desjardins Group does not offer any explanation of the former employee’s “ill-intentioned” conduct. Was the employee selling the data to criminals? Were they selling it to spammers? Were they giving it to a competitor? It would be easier to evaluate the risk to individuals if they knew more about the crime itself, I think.