A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

blessing
Bentley Blessing Pantry continues to faithfully serve the community

‘We just wanted to make everyone aware that we are still here to serve you throughout this coming year.’

Alberta Chief Medical Officer of Health Dr. Deena Hinshaw
Alberta eases some COVID-19 restrictions

Salons, barbershops and other personal and wellness services will be open by appointment only

Environment Canada issued a wind warning for parts of central Alberta on Jan. 13, 2021. (Black Press file photo)
Wind warning issued for central Alberta

Environment Canada said strong northwesterly winds will develop in the morning and weaken in the evening

Lesser Slave Lake UCP MLA Pat Rehn. (Facebook)
Kenney kicks Pat Rehn out of UCP caucus after municipal complaints

Rehn had been criticized by municipal leaders in his constituency

Prime Minister Justin Trudeau listens to a question during a news conference outside Rideau cottage in Ottawa, Friday, January 8, 2021. THE CANADIAN PRESS/Adrian Wyld
Trudeau says Canada’s COVID vaccine plan on track despite Pfizer cutting back deliveries

Canadian officials say country will still likely receive four million doses by the end of March

A Suncor logo is shown at the company’s annual meeting in Calgary on May 2, 2019. A worker is missing after a dozer broke through ice on an inactive Suncor tailings pond in northern Alberta.THE CANADIAN PRESS/Jeff McIntosh
Worker missing after dozer breaks through frozen tailings pond in northern Alberta

The worker was an employee of Christina River Construction

File Photo
‘You took away some real joy,’ Sylvan Lake Winter Village turned off after vandalism

Sometime during the night of Jan, 12 the light display at the pier was vandalized and damaged

A health-care worker prepares a dose of the Pfizer-BioNTech COVID-19 vaccine at a UHN COVID-19 vaccine clinic in Toronto on Thursday, January 7, 2021. THE CANADIAN PRESS/Nathan Denette
COVID clarity: Feds say 42-day gap for 2-dose vaccines OK as provinces race to immunity

‘Realities on the ground’ means that provinces, territories will have difficult choices to make

(Pixabay photo)
Alberta surgeon who hung a noose in a hospital found guilty of unprofessional conduct

College of Physicians and Surgeons says sanctions will be determined at a later hearing

A health-care worker prepares a dose of the Pfizer-BioNTech COVID-19 vaccine at a vaccine clinic in Toronto on Thursday, January 7, 2021. The professional group for emergency doctors in Canada wants more transparency about COVID-19 vaccine distribution. THE CANADIAN PRESS/Nathan Denette
Canadian emergency doctors call for greater transparency on vaccine rollout

Many doctors don’t know when they will be vaccinated and the association says that needs to change

Most Read