A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Emergency crews were called to an ATV rollover on Harrison East Forest Service Road on Saturday, Jan. 16, 2021. (Google Maps)
UPDATE: Two people involved in ATV rollover 100 feet down ravine in Harrison, at least one injured

Incident happened shortly before 5 p.m. on Harrison East Forest Service Road

An amethyst rock was stolen from Swinstones Granite Shop’s showroom in Chilliwack on Yale Rd. West, and they are hoping it will be spotted and returned. They discovered their window smashed and the purple rock stolen on the morning of Jan. 17, 2020. Here a portion of it is pictured to the right. (Submitted image)
Amethyst stolen from Chilliwack stone shop’s showroom

Window smashed at business where purple rock has been on display for nearly 16 years

sdf
Another Mission student arrested for assault, in 2nd case of in-school violence this week

RCMP notified of local Instagram page with videos (now deleted) showing student assaults, bullying

Two people on a paddleboard take advantage of a calm Cultus Lake on Friday, Jan. 15, 2021. (Jenna Hauck/ Chilliwack Progress)
WEATHER: Forecast calls for lots of sun in Fraser Valley this coming week

Most of next seven days will be sunny for eastern Fraser Valley, according to Environment Canada

Katie Smith and Richard Coombs are teh couple behind Agassiz Delivered, a new delivery company that has taken off during the COVID-19 pandemic. (Agassiz Delivered/Facebook)
Local couple keeps Agassiz delivered

What started out as takeout delivery has turned into a pandemic business boom

Justin Kripps of Summerland and his team have competed in Olympic action and World Cup competitions in bobsleigh. (Jason Ransom-Canadian Olympic Comittee).
QUIZ: Are you ready for some winter sports?

It’s cold outside, but there are plenty of recreation opportunities in the winter months

Alberta Energy Minister Sonya Savage addresses the attendees while Tom Olsen, Managing Director of the Canadian Energy Centre, looks on at a press conference at SAIT in Calgary on Wednesday, Dec. 11, 2019. THE CANADIAN PRESS/Greg Fulmes
‘Morally and ethically wrong:’ Court to hear challenge to Alberta coal policy removal

At least 9 interveners will seek to join a rancher’s request for a judicial review of Alberta’s decision

Pindie Dhaliwal, one of the organizers for the Surrey Challo protest for Indian farmers. She says organizers were told by Surrey RCMP that the event was not allowed due to COVID-19. Organizers ended up moving the protest to Strawberry Hill at the last minute. (Photo: Lauren Collins)
Indian farmers rally moves as organizers say Surrey RCMP told them they couldn’t gather

Protest originally planned in Cloverdale, moved to Strawberry Hill

A health-care worker prepares a dose of the Pfizer-BioNTech COVID-19 vaccine at a UHN COVID-19 vaccine clinic in Toronto on Thursday, January 7, 2021. THE CANADIAN PRESS/Nathan Denette
COVID-19: Provinces work on revised plans as Pfizer-BioNTech shipments to slow down

Anita Anand said she understands and shares Canadians’ concerns about the drug company’s decision

Tourists take photographs outside the British Columbia Legislature in Victoria, B.C., on Friday August 26, 2011. A coalition of British Columbia tourism industry groups is urging the provincial government to not pursue plans to ban domestic travel to fight the spread of COVID-19. THE CANADIAN PRESS/Darryl Dyck
B.C. travel ban will harm struggling tourism sector, says industry coalition

B.C. government would have to show evidence a travel ban is necessary

Join Black Press Media and Do Some Good
Join Black Press Media and Do Some Good

Pay it Forward program supports local businesses in their community giving

Cannabis bought in British Columbia (Ashley Wadhwani/Black Press Media)
Is it time to start thinking about greener ways to package cannabis?

Packaging suppliers are still figuring eco-friendly and affordable packaging options that fit the mandates of Cannabis Regulations

(Phil McLachlan - Capital News)
‘Targeted’ shooting in Coquitlam leaves woman in hospital

The woman suffered non-life threatening injuries in what police believe to be a targeted shooting Saturday morning

(Photo by Kevin Hill)
40 cases linked to Surrey Memorial Hospital COVID-19 outbreak

Fraser Health says two death are associated with the outbreak

Most Read