Series of gaps allowed massive Desjardins data breach, privacy watchdog says

Federal Privacy Commissioner says a series of technological and administrative gaps allowed an employee of financial services company Desjardins to take customer data on 9.7 million Canadians over more than two years.

The Canadian Press

OTTAWA — The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector.

In a report today, privacy commissioner Daniel Therrien says Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

Therrien says that for at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

Therrien's office and the Commission d’accès à l’information du Québec, which also published its decision today, co-ordinated their respective probes.

Related stories