A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Just Posted

Marine biologist Rick Harbo pulls a lid from the Ladysmith harbour, which he uses to monitor the presence of native and non-native species in the Ladysmith harbour. (Cole Schisler photo)
Unidentified sponge may be the latest marine species invading Ladysmith Harbour

Marine biologist finding dozens of alien species in warm-water harbour, none of them threatening

More and more graffiti has appeared in Ladysmith’s downtown core during the pandemic. (Cole Schisler photo)
Council creates rebate program to encourage graffiti clean up

Property owners can receive up to $50 to help fund graffiti removal

Rick Ruppenthal of Saltair will host a 12-hour talk-a-thon Friday, June 18 over Facebook live. (Photo submitted)
Talk-a-thon to focus on men’s mental health issues

Saltair man spearheading a campaign to generate more conversation during fundraiser

(File photo)
Poverty reduction survey identifies 10 poverty themes

Poverty reduction plan will be finalized in July 2021

Maxwell Johnson is seen in Bella Bella, B.C., in an undated photo. The Indigenous man from British Columbia has filed complaints with the B.C. Human Rights Tribunal and the Canadian Human Rights Commission after he and his granddaughter were handcuffed when they tried to open a bank account. THE CANADIAN PRESS/HO-Heiltsuk Nation, Damien Gillis, *MANDATORY CREDIT*
VIDEO: Chiefs join human rights case of Indigenous man handcuffed by police in B.C. bank

Maxwell Johnson said he wants change, not just words, from Vancouver police

Two ambulances and a medevac helicopter are on scene at Taylor River Flats rest area on Highway 4 due to a serious motor vehicle incident. (PHOTO COURTESY MAGGIE BROWN)
Highway 4 reopens between Port Alberni and Tofino

Multi-vehicle accident temporarily closed highway in both directions

Tk’emlups te Secwepemc Chief Rosanne Casimir stands outside the former Kamloops Indian Residential School after speaking to reporters, in Kamloops, B.C., on Friday, June 4, 2021.THE CANADIAN PRESS/Darryl Dyck
Kamloops chief says more unmarked graves will be found across Canada

Chief Rosanne Casimir told a virtual news conference the nation expects to release a report at the end of June

A woman wears a vaccinated sticker after receiving a COVID-19 vaccine at a vaccination clinic run by Vancouver Coastal Health, in Richmond, B.C., Saturday, April 10, 2021. THE CANADIAN PRESS/Jonathan Hayward
B.C. ranks among highest in world in COVID-19 first-dose shots: health officials

More than 76% of eligible people have received their 1st shot

A screenshot of the First Peoples Cultural Councils First Peoples’ Map. (First Peoples Cultural Council)
Online resource blends B.C.-Alberta’s Indigenous languages, art and culture

Advisor says initiative supports the urgent need to preserve Indigenous languages

An artists conception of the new terminal building at the Pitt Meadows Regional Airport.
Air travel taking off in B.C., but lack of traffic controllers a sky-high concern

There will be demand for more air traffic controllers: Miller

Canadian Armed Forces experts are on their way to North Vancouver after a local homeowner expressed worry about a military artifact he recently purchased. (Twitter DNV Fire and Rescue)
Military called in to deal with antique ‘shell’ at North Vancouver home

‘The person somehow purchased a bombshell innocently believing it was an out-of-commission military artifact’

Amy Kobelt and Tony Cruz have set their wedding date for February, hoping that more COVID-19 restrictions will have lifted. (The Macleans)
B.C. couples ‘gambling’ on whether COVID rules will let them dance at their wedding

Amy Kobelt and Tony Cruz pushed back their wedding in hopes of being able to celebrate it without the constraints of COVID-19

Most Read