Desjardins Group Details

    Organization Logo

    Desjardins Group

    Lévis, Canada employees • Financial Services

    Industry

    Financial Services

    Security Incidents

    1

    The Desjardins Group is a Canadian financial service cooperative and the largest federation of credit unions in North America. It was founded in 1900 in Lévis, Quebec by Alphonse Desjardins.

    Security Incidents

    Desjardins Group Breach of Dec 2020
    Severity Score
    Low

    Type

    Unknown

    Summary

    In December 2020, Desjardins Group faced Canada's largest cybersecurity breach in the financial services sector due to multiple security gaps. Over 26 months, a rogue employee compromised the personal data of 2.7 million individuals, which later revealed a total of 9.7 million affected members. The breach exposed names, dates of birth, social insurance numbers, addresses, and phone numbers, but passwords and PINs were not compromised. The Portier investigation led to several arrests with ongoing efforts to apprehend more suspects, including individuals abroad. Desjardins implemented a five-yea...
    Show more

    Severity

    The Desjardins Group cyber security incident of December 2020 exposed not just the data of 2.7 million people initially disclosed, but eventually the personal information of all 4.2 million individual members, making it the largest data breach in the Canadian financial services sector. The breach was executed by a single rogue employee, highlighting severe internal security gaps and leading to significant concerns about the safeguarding of personal information. Given the extensive impact, the breach affected millions of individuals’ sensitive data, causing substantial concern and requiring lar...
    Show more

    Impact

    The cyber incident at Desjardins was a severe data breach caused by a rogue employee over a period of at least 26 months. Sensitive personal information of 4.2 million individual members, including names, dates of birth, social insurance numbers, addresses, and phone numbers, was compromised. However, no passwords, security questions, or PINs were involved, and no systems or services were taken offline. The breach did not include the theft of internal company data, intellectual property, or source code.

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos