The June data breach of Canadian financial institution Desjardins was wider in scope than initially reported and compromised the data of all 4.2 million of its individual members.
The breach, initially detected in December 2018 and announced in July 2019, was originally estimated to have affected 2.7 customers and 173,000 businesses. Desjardins announced the revised figure based on information shared by the Sûreté du Québec (SQ), the Quebec province’s police force. It is possible more businesses were impacted by the breach than originally estimated.
Compromised member data included names, addresses, birthdates, social insurance numbers, email addresses and transaction histories.
“This is not a new breach, this is the same breach with the same employee who did the same pattern [sic], but the bad news today is that the SQ is sure that it's for the whole group and all the 4.2 million members," said Desjardins chief executive Guy Cormier.
While Desjardins attributed the data breach to a single employee, no arrests have been made and an investigation is still ongoing.