Desjardins Proposes $155M Data Breach Settlement
Desjardins, which is Canada's largest credit union and one of the world’s largest banks, announced on June 20, 2019, that a data breach had occurred.
A joint investigation into the security incident, launched in July 2019 by the Office of the Privacy Commissioner of Canada and its local equivalent in Quebec, found that a “malicious” Desjardins employee had siphoned data.
Over a period of at least 26 months, the personal information of nearly 10 million individuals was exfiltrated from Desjardins. Data compromised in the incident included names, dates of birth, residential addresses, social insurance numbers, email addresses, telephone numbers, and transaction histories.
Individuals impacted by the breach included current and former Desjardins banking members and current and former clients with a credit card or in-store financing.
“Such data elements can be considered sensitive on their own,” concluded the agencies. “When combined, they can also be exploited by malicious individuals to steal the identities of the persons concerned.”
Plaintiffs represented by law firms Siskinds Desmeules and Kugler Kandestin filed class actions in connection with the privacy breach.