The privacy breach at Mouvement Desjardins now extends to credit cardholders.
About 1.8-million cardholders who are not Desjardins members may have had their personal information compromised, chief executive officer Guy Cormier said Tuesday. The rogue employee at the centre of the leak — who has since been fired — had access to banking details such as loans and savings, the CEO said on a conference call with reporters.
Still, Cormier said, “this information was not stolen. It was not found in the hands of third parties. We have no indication from our internal analysis that this information could have been shared with third parties.”
The update comes a week after Canada’s biggest financial services cooperative reshuffled its senior management team in the wake of the breach that was first disclosed in June. About 4.2-million individual members have been affected by the situation, in addition to about 173,000 businesses, Desjardins revealed last month.
Desjardins’s internal review and the most recent information from the police still suggest that the former employee acted alone. Credit cards and payment methods such as debit cards have not been compromised, nor have passwords, security questions or personal identification numbers, Desjardins added.
“We’re not talking about the data of the credit cards, we’re not talking about the PIN number or the authentication number,” Cormier said Tuesday. “We’re just talking about the personal information of the people who have these credit cards.”
The “ill-intentioned” employee didn’t have access to the computer systems of Desjardins’ insurance, securities and wealth-management units, said Réal Bellemare, the cooperative’s chief operating officer.
As a result of the latest developments, Desjardins said Tuesday it has decided to extend its identity protection program to all its members and clients. No significant uptick in fraud has been recorded in recent weeks, Desjardins added.
“Until Canada develops a robust digital identity system, we believe that expanding coverage to a larger group of people is the right thing to do,” Cormier said. “In the meantime, we intend to offer the best possible protection against identity theft. We hope the rest of the industry will follow suit.”