The massive Desjardins consumer data breach was under renewed scrutiny Monday as members of the House of Commons public safety committee returned to Ottawa for an emergency meeting about whether the Quebec firm breached its duty to protect private information last month.
That breach left the bank scrambling to explain how an employee was able to leak the social insurance numbers and other sensitive consumer information of roughly 2.9 million clients to a third-party and prompted Desjardians to announce what it billed as permanent digital protection for all of its customers.
Just hours before the public safety committee was set to meet, the firm put out a press release saying the unclear measures, described only as permanent digital protection, would be made available not only to those clients whose personal information was breached. It has previously offered Equifax credit monitoring.
The employee Desjardins says is responsible has since been fired.
WATCH BELOW: Desjardins data breach a test of Bill C-59 and its various interfaces
Members of the public safety committee included several Quebec Liberal and opposition MPs who said during the meeting they are personally impacted by the data breach and wanted more information about what the bank is doing to help its clients.
Some, including Liberal MP Linda Lapointe, noted she is hearing from constituents who have been having difficulties accessing the support services set up by Desjardins, with some saying they hadn’t been able to access French services.
Roughly 90 per cent of Desjardins’ members are in Quebec.
“Over time, we did realize their ability to deal with francophone members was limited, that’s why we set up other initiatives,” said Denis Berthiaume, senior executive vice-president and chief operating officer at the firm, adding the firm is offering services as the branch level as well.
Berthiaume and the other officials there said they are not the first to face a “malevolent” employee and will not be the last.
But they said they think the current rules in place are adequate.
“This was one employee who found a way to get around all the rules, get around all the rules in place, and he was able to extract that data,” Berthiaume said.
“We re constantly evolving and improving an insuring that new technology which leads to new risks is reviewed. We have people who are trying to infiltrate the system so we’re constantly working to improve procedures.”
Both the federal privacy commissioner and his Quebec counterpart have also launched investigations into the breach.
— With files from the Canadian Press