Summer breach season claims Canadian credit union

The credit union reports “an ill-intentioned employee” swiped data of 2.9 million members.

The $295.5 billion Lévis, Quebec-based Desjardins, Canada’s largest credit union with 7 million members and 46,216 staffers, and one of the world’s largest financial institutions, disclosed an employee-caused breach.

In a statement posted on its website, the financial institution said “an ill-intentioned employee” swiped data of 2.9 million members (2.7 million home users; 173,000 businesses and associated contacts). “In light of these events, additional security measures have been put in place to ensure all our members’ personal and financial data remains protected.”

According to a CBC report Desjardins referred a suspicious transaction to Laval police in December 2018. In May, police informed Desjardins of the leaking of personal information.  Desjardins said, no compromise of passwords, security questions and personal identification took place.

Dan Tuchler, chief marketing officer for SecurityFirst, had a quick reaction: “The bank is saying that credit card numbers, security questions, and so on were not taken. Is this supposed to make it OK?” Tuchler added those with exposed personal information are going to be concerned. “Enterprises, especially banks, need to take both technical steps and human process steps to prevent this type of breach.”


continue reading »