Desjardins Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2019, Desjardins, a Quebec-based credit union, announced a significant data breach that affected millions of its customers. The breach was discovered in December 2018, and the crimes related to it were committed between October 2016 and May 2019. The primary suspect, Sébastien Boulanger-Dorval, a former bank employee, was arrested along with four others in connection with the data leak. This event led to class action lawsuits and a settlement agreement submitted to the Superior Court of Quebec for approval.
How many accounts were compromised?
The breach impacted data related to approximately 10 million individuals.
What data was leaked?
The data exposed in the breach consisted of personal and financial information of Desjardins members and clients, which led to fraud and identity theft.
How was Desjardins hacked?
The primary suspect, Sébastien Boulanger-Dorval, a former Desjardins employee, along with others, was charged with fraud, identity theft, and the illegal possession and sale of personal information. Boulanger-Dorval was also charged with using a computer for fraud. The exact methods used to breach the data remain unclear.
Desjardins's solution
In response to the data breach, Desjardins took action to address the situation and prevent future incidents. Although specific enhanced security measures remain unclear, the financial institution cooperated with authorities and expressed satisfaction with the arrests made in connection with the breach. Desjardins also faced scrutiny from the Office of the Privacy Commissioner of Canada and the Commission d’accès à l’information du Québec, which concluded that the organization failed to show the required level of attention to protect customer data. As part of the settlement agreement, eligible individuals will be informed of the outcome through various communication channels once the court approves the settlement.
How do I know if I was affected?
Desjardins has not explicitly mentioned whether they reached out to affected users. If you're a Desjardins customer and haven't received any notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your financial and personal accounts for any suspicious activity. Report any unauthorized transactions or changes to the respective service providers immediately.
For more specific help and instructions related to Desjardins's data breach, please contact Desjardins support directly.
Where can I go to learn more?
If you want to find more information on the Desjardins data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
Desjardins Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2019, Desjardins, a Quebec-based credit union, announced a significant data breach that affected millions of its customers. The breach was discovered in December 2018, and the crimes related to it were committed between October 2016 and May 2019. The primary suspect, Sébastien Boulanger-Dorval, a former bank employee, was arrested along with four others in connection with the data leak. This event led to class action lawsuits and a settlement agreement submitted to the Superior Court of Quebec for approval.
How many accounts were compromised?
The breach impacted data related to approximately 10 million individuals.
What data was leaked?
The data exposed in the breach consisted of personal and financial information of Desjardins members and clients, which led to fraud and identity theft.
How was Desjardins hacked?
The primary suspect, Sébastien Boulanger-Dorval, a former Desjardins employee, along with others, was charged with fraud, identity theft, and the illegal possession and sale of personal information. Boulanger-Dorval was also charged with using a computer for fraud. The exact methods used to breach the data remain unclear.
Desjardins's solution
In response to the data breach, Desjardins took action to address the situation and prevent future incidents. Although specific enhanced security measures remain unclear, the financial institution cooperated with authorities and expressed satisfaction with the arrests made in connection with the breach. Desjardins also faced scrutiny from the Office of the Privacy Commissioner of Canada and the Commission d’accès à l’information du Québec, which concluded that the organization failed to show the required level of attention to protect customer data. As part of the settlement agreement, eligible individuals will be informed of the outcome through various communication channels once the court approves the settlement.
How do I know if I was affected?
Desjardins has not explicitly mentioned whether they reached out to affected users. If you're a Desjardins customer and haven't received any notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your financial and personal accounts for any suspicious activity. Report any unauthorized transactions or changes to the respective service providers immediately.
For more specific help and instructions related to Desjardins's data breach, please contact Desjardins support directly.
Where can I go to learn more?
If you want to find more information on the Desjardins data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
Desjardins Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2019, Desjardins, a Quebec-based credit union, announced a significant data breach that affected millions of its customers. The breach was discovered in December 2018, and the crimes related to it were committed between October 2016 and May 2019. The primary suspect, Sébastien Boulanger-Dorval, a former bank employee, was arrested along with four others in connection with the data leak. This event led to class action lawsuits and a settlement agreement submitted to the Superior Court of Quebec for approval.
How many accounts were compromised?
The breach impacted data related to approximately 10 million individuals.
What data was leaked?
The data exposed in the breach consisted of personal and financial information of Desjardins members and clients, which led to fraud and identity theft.
How was Desjardins hacked?
The primary suspect, Sébastien Boulanger-Dorval, a former Desjardins employee, along with others, was charged with fraud, identity theft, and the illegal possession and sale of personal information. Boulanger-Dorval was also charged with using a computer for fraud. The exact methods used to breach the data remain unclear.
Desjardins's solution
In response to the data breach, Desjardins took action to address the situation and prevent future incidents. Although specific enhanced security measures remain unclear, the financial institution cooperated with authorities and expressed satisfaction with the arrests made in connection with the breach. Desjardins also faced scrutiny from the Office of the Privacy Commissioner of Canada and the Commission d’accès à l’information du Québec, which concluded that the organization failed to show the required level of attention to protect customer data. As part of the settlement agreement, eligible individuals will be informed of the outcome through various communication channels once the court approves the settlement.
How do I know if I was affected?
Desjardins has not explicitly mentioned whether they reached out to affected users. If you're a Desjardins customer and haven't received any notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your financial and personal accounts for any suspicious activity. Report any unauthorized transactions or changes to the respective service providers immediately.
For more specific help and instructions related to Desjardins's data breach, please contact Desjardins support directly.
Where can I go to learn more?
If you want to find more information on the Desjardins data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions