Desjardins Group is facing a legal backlash after a pair of class-action lawsuits were initiated in connection with a data breach affecting nearly three million members.
Filed in Quebec Superior Court, the proposed class actions allege the financial co-operative either violated its members’ privacy rights or showed negligence in safeguarding their personal and financial information.
Desjardins chief executive Guy Cormier said Thursday a former employee shared the personal information of more than 2.9 million members with third parties outside of the organization.
READ MORE: Desjardins says personal info of 2.9 million members shared illegally by employee
The data includes social insurance numbers, names and addresses, and affects 2.7 million individual members and 173,000 business members.
One application, filed Thursday by law firm Siskinds Desmeules on behalf of a Quebec City resident, seeks compensatory and punitive damages.
The other, filed Friday by the law firms LPC Avocat and Kugler Kandestin on behalf of a Montrealer, says the fact that additional security measures were implemented following the internal breach suggests Desjardins failed to live up to its obligations and owes the applicant $300, plus damages.
On Friday, Desjardins extended its offer to pay for a credit monitoring plan and identity theft insurance for affected members to five years, up from the 12 months announced Thursday.
READ MORE: Desjardins Insurance app raises privacy concerns for drivers
Quebec’s financial watchdog is warning Desjardins members they may be the target of fraudulent emails, texts and phone calls.
“Fraudsters may be tempted to contact you to extract personal information under the pretext that they are doing so in connection with security measures or updates stemming from the incident discovered on June 20, 2019,” the financial markets regulator said in a release.
The first proposed lawsuit notes that the full impact of the “illegal data transmission” _ affecting 41 per cent of Desjardins members and first detected in December _ remains “unknown.”
“With almost three million individuals and businesses affected, whoever he sold it do or disclosed it to…if that took place…that is a treasure trove to potentially make false refund claims on HST or income tax returns or even insurance,” said Denis Meunier, former deputy director of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
WATCH: Russia demands Tinder turn over personal user data