Desjardins, Canada’s largest credit union and one of the world’s largest banks, announced a security breach caused by a former employee.
In a statement, the company revealed that an “ill-intentioned employee” had stolen the data of 2.9 million users (2.7 million personal members and 173,000 business members). And upon learning about the incident, which took place on Friday, June 24, the bank fired the employee.
According to Desjardins, only personally-identifiable information was taken from its systems. However, e-banking passwords, security questions, account PINs, and credit and debit card numbers remain safely intact.
For personal members, the exposed information includes first and last name, date of birth, social insurance number, address, phone number, email address, and details of banking habits and Desjardins products.
And, for business members, the exposed information included business name, business address, business phone number, owner’s name and names of users on the AccèsD Affaires account.
Desjardins is working closely with law enforcement on the case. And along with notifying affected individuals, it is offering a free 5-year credit monitoring plan. Additionally, the company has implemented new security measures to ensure that a similar situation never happens again.