A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Lymphedema is often treated with medical devices such as compression garments, pneumatic compression pumps, or specialized custom wraps and bandages. (Submitted photo)
March 6 marks World Lymphedema Day

Lymphedema is caused by damage to the lymphatic system, and afflictings millions worldwide

Work has begun on the Downtown Public Washroom on 1st Avenue. (Submitted photo)
Work has begun on the Ladysmith Downtown Public Washroom

The project is expected to be finished in the spring

An architectural rendering of the five storey condo building at 201/203 Dogwood Drive. (BJK Architecture photo)
Five storey condo building proposal at Dalby’s proceeds to public hearing stage

Frank and Mike Crucil of FMC Holdings are hoping to turn Dalby’s Automotive into a five storey condo

Jimmy Seymour was recognized for his outstanding work as the solid waste operator for Stz’uminus First Nation. (Submitted photo)
‘He has a way with the community’, Jimmy Seymour recognized for his dedication to Stz’uminus First Nation

Jimmy Seymour uses his job as solid waste operator to spread kindness through Stz’uminus

LSS’s Parallel Players are hosting an online improv show. (Parallel Players photo)
Ladysmith Secondary School improv team hosts livestream performance

Perfomances will be held Thursday, March 4 and Friday March 5 at 7 p.m.

The James C Richardson Pipe Band marches in a Remembrance Day parade on Nov. 11, 2019 in Chilliwack. Wednesday, March 10 is International Bagpipe Day. (Jenna Hauck/ Chilliwack Progress file)
Unofficial holidays: Here’s what people are celebrating for the week of March 7 to 13

International Bagpipe Day, Wash Your Nose Day and Kidney Day are all coming up this week

Hockey hall-of-fame legend Wayne Gretzky, right, watches the casket of his father, Walter Gretzky, as it is carried from the church during a funeral service in Brantford, Ont., Saturday, March 6, 2021. HE CANADIAN PRESS/Nathan Denette
Walter Gretzky remembered as a man with a ‘heart of gold’ at funeral

The famous hockey father died Thursday at age 82 after battling Parkinson’s disease

Donald Alan Sweet was once an all star CFL kicker who played for the Montreal Alouettes and Montreal Concordes over a 13-year career. Photo courtesy of Mission RCMP.
Retired B.C. teacher and star CFL kicker charged for assault, sexual crimes against former students

Donald Sweet taught in Mission School District for 10 years, investigators seek further witnesses

(Black Press Media files)
Medicine gardens help Victoria’s Indigenous kids in care stay culturally connected

Traditional plants brought to the homes of Indigenous kids amid the COVID-19 pandemic

Highway 14 (Sooke Road) is closed between Impala Road and Humpback Road after one man was shot dead Friday night. (Black Press Media file photo)
One man shot dead in possible ‘targeted incident’ in Metchosin

Highway 14 remains closed at incident scene, detour made available early Saturday

Personal protective equipment is seen in the COVID-19 intensive care unit at St. Paul’s hospital in downtown Vancouver. THE CANADIAN PRESS/Jonathan Hayward
$16.9 million invested to improve worker safety, strengthen B.C.’s food supply chain

Money to be used for social distancing, personal protective equipment, cleaning, and air circulation

More than ever before, as pandemic conditions persist, the threat of data breaches and cyberattacks continues to grow, according to SFU professor Michael Parent. (Pixabay photo)
SFU expert unveils 5 ways the COVID-19 pandemic has forever changed cybersecurity

Recognizing these changes is the first in a series of steps to mitigate them once the pandemic ends, and before the next: Michael Parent

Kevin Haughton is the founder/technologist of Courtenay-based Clearflo Solutions. Scott Stanfield photo
Islander aims Clearflo clean drinking water system at Canada’s remote communities

Entrepreneur $300,000 mobile system can produce 50,000 litres of water in a day, via solar energy

Malawian police guard AstraZeneca COVID-19 vaccines after the shipment arrived in Lilongwe, Malawi, Friday March 5, 2021. Canada is expecting its first shipments of AstraZeneca vaccine next week. (Associated Press/Thoko Chikondi)
B.C.’s daily COVID-19 cases climb to 634 Friday, four more deaths

Currently 255 people in hospital, 66 in intensive care

Most Read