Today, Desjardins, Canada’s largest credit union and one of the world’s biggest banks, announced a security breach caused by a former employee.
The bank said a bank employee had taken the data of 2.9 million members (2.7 million home users and 173,000 businesses and associated contacts) from its database, without authorization.
Data breach affects more than 40% of Quebec-based credit union’s clients and members.
NO CARD NUMBERS OR PASSWORDS EXPOSED
Desjardins said that only personally-identifiable information (PII) was taken from its system, but not any e-banking passwords, security questions, account PINs, and credit and debit card numbers.
For home users, the exposed information included first and last name, date of birth, social insurance number, address, phone number, email address, and details of banking habits and Desjardins products.
For business customers, the exposed information included business name, business address, business phone number, owner’s name and names of users on the AccèsD Affaires account.
The bank said it’s working with local law enforcement on the case.
It also said it has started notifying impacted customers of the breach, and all affected individuals and businesses will receive breach notification letters in the coming days.
POST ON THEIR WEBSITE
Article updated shortly after publication with information disproving Desjardins’ claims that this incident marked the company’s first data breach.