Millions Exposed in Desjardins Data Leak


Millions Exposed in Desjardins Data Leak (Jun 20, 2019)

In one of Canada’s largest data breaches, 2.9 million credit union members of Desjardins Group had their Personally Identifiable Information (PII) leaked. Starting in late 2018, a police investigation was launched following a suspicious transaction, which led to the police notifying Desjardins on June 14 about the extent of the breach. The leaked information, which included addresses, birthdates, banking habits, email addresses, phone numbers, names, social security numbers, was the result of an employee acting illegally. Following the leak, Desjardins conducted their own investigation that resulted in firing the employee and tightening security.

Recommendation: Leaks of this sort causes individuals to be at a large risk of phishing attacks. ACtors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.