A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press
