A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. The federal privacy watchdog says a series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest in the Canadian financial services sector. THE CANADIAN PRESS/Paul Chiasson

Series of gaps allowed massive Desjardins data breach, privacy watchdog says

The incident compromised the data of nearly 9.7 million Canadians

A series of technological and administrative gaps caused a high-profile data breach at Desjardins — the largest to date in the Canadian financial services sector, the federal privacy watchdog has found.

In a report today, privacy commissioner Daniel Therrien said Desjardins did not demonstrate the level of attention needed to protect the sensitive personal information entrusted to its care.

The incident compromised the data of nearly 9.7 million Canadians.

“Canadians expect banking information to have a high level of protection, given its sensitivity,” Therrien told a news conference today.

For at least 26 months, a malicious employee was siphoning sensitive personal information collected by Desjardins from customers who had purchased or received products through the organization, Therrien found.

This information was originally stored in two data warehouses to which the employee in question had limited access, the commissioner said.

However, other employees, in the course of fulfilling their work, would regularly copy that information onto a shared drive. As a result, employees who would not usually have the required clearance or the need to access some of the confidential data were able to do so, Therrien found.

The commissioner says the investigation into the breach sheds light on the risks of internal threats, whether they are intentional or not.

The investigation revealed that Desjardins failed to meet several of its obligations under the federal privacy law governing companies. Therrien found:

  • Desjardins did not ensure proper implementation of its policies and procedures for managing personal information, some of which were inadequate;
  • The access controls and data segregation of the company’s databases and directories were lacking;
  • Employee training and awareness were inadequate, considering the sensitive nature of the personal information;
  • Desjardins did not have proper procedures regarding the periodic destruction of personal information.

Desjardins agreed to a series of recommendations to improve information security and the protection of personal data, Therrien said.

The company has committed to provide progress reports every six months as well as hire external auditors to assess and certify its programs.

Therrien’s office and the Commission d’accès à l’information du Québec, which also published its report today, co-ordinated their respective probes.

Jim Bronskill, The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Just Posted

.
Princeton’s Spotlight wins two provincial awards for excellence

Publisher takes first place for investigative reporting

Princeton GSAR responds 24 hours a day, 365 days a year. In 2020 the crew was called out 34 times, and members spent 721 hours on calls, and 683 hours training. Photo Princeton GSAR Facebook
Teen missing in Manning Park found after 24 hours

Young man spends night on mountain and survives with just a few scrapes

The COVID-19 cases reported over the week of May 30 to June 5. (BC CDC)
South Okanagan sees second straight week of 17 new COVID-19 cases

Summerland, Keremeos and Princeton all recorded no new cases

The Regional District of Okanagan-Similkameen has hired a new FireSmart coordinator. (Black Press file photo)
FireSmart coordinator named for Regional District of Okanagan-Similkameen

Kerry Riess will provide assistance to mitigate potential wildfire hazards

The damages to the downtown park in Keremeos. One of the trees that was uprooted was a memorial tree with a plaque. (Submitted)
Memorial tree in Keremeos park uprooted by vandals

All of the trees in the small park were torn up and the statue was shifted

Dr. Albert de Villiers, chief medical health officer for the Interior Health Authority. (Contributed)
Black Press Media Weekly Roundup: Top headlines this week

Here’s a summary of this week’s biggest stories from the Okanagan-Shuswap

A person receives a COVID-19 vaccine at a vaccination clinic run by Vancouver Coastal Health, in Richmond, B.C., Saturday, April 10, 2021. THE CANADIAN PRESS/Jonathan Hayward
More than 75% of B.C. adults have 1st dose of COVID vaccine

The federal government has confirmed a boost in the Moderna vaccine will be coming later this month

Airport ground crew offload a plane carrying just under 300,000 doses of the single-shot Johnson & Johnson COVID-19 vaccine which is developed by the Janssen Pharmaceutical Companies at Pearson International Airport during the COVID-19 pandemic in Toronto on Wednesday, April 28, 2021. THE CANADIAN PRESS/Nathan Denette
1st batch of Johnson & Johnson vaccines won’t be released in Canada over quality concerns

The vaccines were quarantined in April before they were distributed to provinces

The rainbow flag flies beside the Canadian flag outside the University of the Fraser Valley’s Chilliwack campus on June 26, 2020. Monday, June 14, 2021 is Flag Day, and also June is Pride Month. (Jenna Hauck/ Chilliwack Progress file)
Unofficial holidays: Here’s what people are celebrating for the week of June 13 to 19

Flag Day, Garbage Man Day, International Panic Day all coming up this week

57-year-old Kathleen Richardson was discovered deceased in her home Wednesday, June 9, 2021. Her death is considered a homicide and connected to the slain brothers found on a Naramata forest road. (Submitted)
Condolences pour in for Kathy Richardson, Naramata’s 3rd homicide victim in recent weeks

Richardson was well liked in the community, a volunteer firefighter with a home-based salon

British Columbia-Yukon Community News Association’s 2021 Ma Murray Awards were handed out during a virtual ceremony on Friday, June 10. (Screen grab)
Black Press Media winners take gold at B.C. and Yukon journalism awards

Publications received nods in dozens of categories

The RCMP are asking for assistance regarding the death of Kathleen Richardson of Naramata, pictured here. Her death is believed to be related to two homicides in Naramata in May. (RCMP)
Police identify South Okanagan homicide victim as 57-year-old Naramata woman

57-year-old Kathleen Richardson was discovered deceased in her home Wednesday

Fair-goers take a ride at the 120th annual Armstrong Interior Provincial Exhibition and Stampede Aug. 28-Sept. 1, 2019. (Katherine Peters - Morning Star)
Armstrong’s IPE not eligible for COVID-19 grant designed for major attractions

Shuswap MLA Greg Kyllo criticized the rigidity of the provincial program’s criteria

Two e-scooters parked on the sidewalk along Water Street in downtown Kelowna on Monday, May 3. Scooters parked on walkways are causing accessibility issues for some people with disabilities. (Michael Rodriguez/Capital News)
Kelowna General Hospital clinicians observe increase in e-scooter injuries

A report is set to go to city council next week on how the e-scooter pilot has gone thus far

Most Read