> The information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.<p>Oooof.<p>> However, Desjardins said, passwords, security questions and personal identification numbers have not been compromised.<p>Well that's a relief! Glad the things that are easy to change are safe.
> The federation's CEO and president, Guy Cormier, said the security breach is not the result of a cyberattack, but the work of an employee who improperly accessed and shared the information.<p>> That employee has been fired.<p>> Cormier said he felt "betrayed" by the former employee's actions.<p>Fired? How about arrested?
If it was possible for an employee to "access and share" 2.9m datasets, it's the company's fault. No matter who the employee is, if you don't have safeguards in place as a credit union, you aren't doing your job. Like, at all.
fuuuck<p>> Anyone whose data was affected will receive a 12-month credit monitoring plan, paid for by Desjardins. That service includes access to daily credit reports, alerts of any changes and identity theft insurance.<p>> "I want to be really clear," said Cormier. "Our members will be reimbursed [for any losses they incur.] There will be no cost to our members."<p>Not bad.
As a retired IT Exec (I worked in Cdn banking for over a decade) this kinda thing used to keep me up at night!<p>To mitigate the risk I wanted to implement a blanket USB plug-n-play restriction but the client-side Execs overruled me. Fortunately a leak never happened, but really it was just good fortune.
In this world of NSA, data leaks and FAARG, the only way forward is undocumented births and backwoods medicine to avoid personal information being at the mercy of the state, corporations and criminal organizations.
More information from Desjardins: <a href="https://www.desjardins.com/ca/personal-information/index.jsp" rel="nofollow">https://www.desjardins.com/ca/personal-information/index.jsp</a>
> The information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.<p>It's starting to look downright irresponsible to regard such information as private these days.<p>As such, it should be considered irresponsible to base any portion of a verification protocol on that information.
This isn't surprising. As is with everything with Québec, Desjardins is a Québec-based business. They will still retain their customer base. Their site's UX was so bad that I didn't use them as my bank. Their English customer service sucks too. Glad I made that choice. A data breach is still a data breach even if it was by a rogue employee.<p>By the looks of it, Quebec's Communauto is next in line.