Desjardins says personal data of 2.9M members breached

(Reuters) — Canadian lender Desjardins Group said Thursday an unauthorized use of internal data by an employee led to breach of personal information including social insurance numbers, addresses and details of banking habits of more than 2.9 million members.

The issue came to light after Quebec’s Laval police contacted the company confirming that personal details of its members had been shared with individuals outside the organization.

Desjardins, the largest association of credit unions in North America, said the concerned employee has been fired, and as a precautionary measure it will offer affected members a credit monitoring plan and identity theft insurance for 12 months.

Last year, Bank of Montreal and Canadian Imperial Bank of Commerce said that cyberattackers may have stolen data of nearly 90,000 customers in what appeared to be the first significant assault on financial institutions in the country.