Potential scope of Desjardins data breach widens to include another 2 million credit card holders

Desjardins Group says the former employee suspected of responsibility for a massive data breach had access to the personal information of a further 1.8-million credit card holders.

Credit union federation is extending insurance to anyone who does business with the institution

Since the data breach was first made public in June, Desjardins has discovered that 4.2-million members were affected. (Ivanoh Demers/Radio-Canada)

Desjardins Group says the former employee suspected of orchestrating a massive data breach also had access to the personal information of a further 1.8-million credit card holders.

These credit card holders are not members of Desjardins, Canada's biggest federation of credit unions. They are in addition to the 4.2 million members already known to be affected by the data breach.

The data breach was first made public in June. At the time, authorities alleged the suspect  — an employee who has since been fired — had transferred the personal information of members to a third party.

On a conference call Tuesday, Desjardins's executives said they don't believe the personal information of the credit card holders was transferred to a third party. They were informing the public as "preventive" measure, they said.

Desjardins's executives also said the suspect only had access to limited amounts of data.

Guy Cormier, Desjardins CEO and president, has been trying to contain the fallout from the data breach. He was called to testify before a provincial legislative commission last month. (Sylvain Roy Roussel/CBC)

"No credit card was compromised, nor was any payment system like Interac or debit card. Passwords, security questions and personal identification numbers also weren't affected," said Réal Bellemare, Desjardins's newly appointed chief financial officer.

Desjardins also announced Tuesday that it is extending its credit-monitoring insurance to anyone who does business with the institution.

The insurance was initially available to those members who were affected by the breach. It will now be available to both members and clients, current and past — an estimated 8 million people across Canada.

Earlier this month, two senior executives at Desjardins left the organization following an internal audit into the data breach.

"The events of recent months brought me to the conclusion that we had to change the makeup of senior management," president and CEO Guy Cormier said after replacing his CFO, Denis Berthiaume, and the vice-president of information technology, Chadi Habib.

While police say they have identified a suspect, no charges have been laid.


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?