MP probe massive Desjardins data breach in emergency committee meeting

A Caisse populaire Desjardins sign is seen in Montreal on Tuesday, June 18, 2019. THE CANADIAN PRESS/Paul Chiasson. THE CANADIAN PRESS/Paul Chiasson

The massive Desjardins consumer data breach was under renewed scrutiny Monday as members of the House of Commons public safety committee returned to Ottawa for an emergency meeting about whether the Quebec firm breached its duty to protect private information last month.

That breach left the bank scrambling to explain how an employee was able to leak the social insurance numbers and other sensitive consumer information of roughly 2.9 million clients to a third-party and prompted Desjardians to announce what it billed as permanent digital protection for all of its customers.

READ MORE: MPs will hold emergency meeting on Desjardins data breach

Just hours before the public safety committee was set to meet, the firm put out a press release saying the unclear measures, described only as permanent digital protection, would be made available not only to those clients whose personal information was breached. It has previously offered Equifax credit monitoring.

Story continues below advertisement

The employee Desjardins says is responsible has since been fired.

WATCH BELOW: Desjardins data breach a test of Bill C-59 and its various interfaces

Click to play video: 'Desjardins data breach a test of Bill C-59 and its various interfaces'
Desjardins data breach a test of Bill C-59 and its various interfaces

Members of the public safety committee included several Quebec Liberal and opposition MPs who said during the meeting they are personally impacted by the data breach and wanted more information about what the bank is doing to help its clients.

Breaking news from Canada and around the world sent to your email, as it happens.

Some, including Liberal MP Linda Lapointe, noted she is hearing from constituents who have been having difficulties accessing the support services set up by Desjardins, with some saying they hadn’t been able to access French services.

Roughly 90 per cent of Desjardins’ members are in Quebec.

READ MORE: Desjardins says personal info of 2.9 million members shared illegally by employee

“Over time, we did realize their ability to deal with francophone members was limited, that’s why we set up other initiatives,” said Denis Berthiaume, senior executive vice-president and chief operating officer at the firm, adding the firm is offering services as the branch level as well.

Story continues below advertisement

Berthiaume and the other officials there said they are not the first to face a “malevolent” employee and will not be the last.

But they said they think the current rules in place are adequate.

“This was one employee who found a way to get around all the rules, get around all the rules in place, and he was able to extract that data,” Berthiaume said.

“We re constantly evolving and improving an insuring that new technology which leads to new risks is reviewed. We have people who are trying to infiltrate the system so we’re constantly working to improve procedures.”

Both the federal privacy commissioner and his Quebec counterpart have also launched investigations into the breach.

— With files from the Canadian Press


Sponsored content