The IT Nerd

Sometimes it’s not people from the outside that you have to worry about when it comes to protecting your data. Sometimes you have to worry about your own employees. A case in point is Desjardins who today admitted that this happened:

A Laval police investigation, which Desjardins has been closely involved with, has revealed that the personal information of 2.9 million members (2.7 million personal members and 173,000 business members) was disclosed to individuals outside Desjardins without authorization.

The investigation quickly traced the leak to a single source: an ill-intentioned employee who acted illegally and betrayed the trust of their employer. That person was fired.

The company says that it has not been the target of a cyberattack, and that it has not seen cases of fraud with the the people who have been affected by this Passwords for business and personal accounts have not been compromised. Nor have security questions and PINs have not been impacted. Those who have been impacted the breach are being offered a 12-month credit monitoring plan paid for by Desjardins and they are monitoring the affected accounts.

This should serve as a warning to all companies who handle personal data as it’s pretty clear that bad things can happen if a bad actor inside your company decides to go rogue. And you can expect there to be some serious fallout for Desjardins over this incident.

This entry was posted on June 20, 2019 at 3:07 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.